by Raimund Genes
Operation Aurora, Shady RAT, Woolen-Goldfish and now Iron Tiger: we’ve all been talking about targeted cyber attacks for so long now that it sometimes pays to stand back and take stock of exactly where we are as an industry. That’s what we have done with a new piece of research, in partnership with Quocirca, surveying attitudes towards these advanced, highly covert threat campaigns. We asked 500 European IT decision makers whether they thought targeted attacks had increased of late, what the potential impact on their respective organisations would be, and what steps they’d take to mitigate such attacks.
The findings prove that senior IT leaders are finally waking up to the threat, as more and more of their peers are humbled by these laser-focused attacks.
On the rise
The research will be discussed at a media roundtable during Trend Micro’s upcoming CLOUDSEC conference in London on Thursday. It will reveal that virtually all respondents believe targeted attacks are on the rise, having soared over the past year. What’s more, UK organisations are more likely to be targeted – with the estimated average number of detected attacks reported by IT leaders in this country around 40% higher than elsewhere in Europe. It’s not surprising that the number of respondents who believe the problem of targeted attacks has been exaggerated dropped from 26% to just 7% last year.
This is important because when there’s a genuine threat out there, it can be hard to battle customer suspicions that it’s merely the product of vendor FUD and over-zealous headline writers. Here we should mention the distinction we make between targeted attacks and APTs. The latter is a term that grew out of the US military and should refer specifically to cyber attacks carried out by nation states. As a result, not many ordinary organisations will be affected by an APT unless they work in specific industries, like defence and government, which could make them a valuable target.
Targeted attacks, on the other hand, are a very real and present threat as they are carried out by cybercriminals from anywhere in the world – usually employing tools and malware found on the underground online markets. The skill in these attacks usually lies in the attackers’ ability to socially engineer their victims into ‘click-starting’ a malware download.
Assuming these terms mean the same thing can actually serve to complicate things. It either leads CIOs to wrongly think they are safe because they aren’t a target for nation state hackers, or else encourages a defeatist attitude of “what hope do I have against this kind of cyber fire power?”
The reality is that targeted attacks are here to stay. But while it’s impossible to deflect a determined attacker, there are things every IT manager, CIO and CISO can do to reduce the risk of their most sensitive data leaving the organisation. The key is to gain better ‘situational awareness’ of what’s going on in the corporate network via tools like file integrity monitoring and log inspection. Then you can more quickly spot unusual activity that could be the tell-tale sign of a covert intrusion. There’s also a place for user training to weed out the spear phishing emails that are usually the initial threat vector. And advanced sandboxing technology can be helpful in blocking these threats before they can get onto the network.
CLOUDSEC London 2015
We’ll be discussing this research on targeted attacks and much more at a packed CLOUDSEC conference in London today.
It’ll be a great chance for IT leaders to network with their peers and find out more about some of the key threat trends facing us in 2015.
Take part in the conversation today by following #cloudseclondon on Twitter.