
Targeted Intrusions

Salem_MA_69468_n
(Salem, Massachusetts - ROC (Taiwan) Student Association of MIT)

- Overview

A targeted attack refers to a type of threat in which threat actors actively pursue and compromise a target entity’s infrastructure while maintaining anonymity. These attackers have a certain level of expertise and have sufficient resources to conduct their schemes over a long-term period. They can adapt, adjust, or improve their attacks to counter their victim’s defenses.

Cyber espionage remains a major concern, although the majority of incidents seem to be moving away from government-sponsored actors to those seeking purely financial gain. Targeted intrusions differ from general hacking as the perpetrators will work hard to avoid detection and may change their approach as they continue to focus on their victim.


- Ransomware

Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim, promising to restore access to the data once payment is made. Victims are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam -- attachments that come to the victim in an email, masquerading as a file they should trust. Once such an attachment is downloaded and opened, it can take over the victim's computer, especially if it has built-in social engineering tools that trick users into allowing administrative access. Some other, more aggressive forms of ransomware, like NotPetya, exploit security holes to infect computers without needing to trick users.

There are several things the malware might do once it’s taken over the victim's computer, but by far the most common action is to encrypt some or all of the user's files. In some forms of malware, the attacker might claim to be a law enforcement agency shutting down the victim's computer due to the presence of pornography or pirated software on it, and demanding the payment of a "fine," perhaps to make victims less likely to report the attack to authorities. But most attacks don't bother with this pretense. There is also a variation, called leakware or doxware, in which the attacker threatens to publicize sensitive data on the victim's hard drive unless a ransom is paid. But because finding and extracting such information is a very tricky proposition for attackers, encryption ransomware is by far the most common type.

Ransomware is one of the most common varieties of malware breach. Credentials can also be compromised in a ransomware attack. Automation of attacks through online services means that ransomware will likely remain a growing problem.
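The mass encryption described above leaves a measurable trace that defenders can watch for: encrypted output is statistically close to random, so a burst of files whose content jumps from low entropy (documents, text) to near-maximal entropy is a classic ransomware signal. The following is an added example, not code from the original page; the file snapshots, entropy threshold and file-count minimum are constructed assumptions for illustration.

```python
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.0   # bits per byte; assumed cut-off, ciphertext sits near 8.0
MIN_FILES = 3             # assumed number of flipped files needed before alerting


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect_mass_encryption(before: dict, after: dict,
                           threshold: float = ENTROPY_THRESHOLD,
                           min_files: int = MIN_FILES) -> dict:
    """Compare two {path: content} snapshots of a directory.

    A path counts as 'flipped' when its content crossed from below the
    entropy threshold to at or above it. Paths absent from the earlier
    snapshot are treated as new (old entropy 0.0), which also catches the
    common pattern of ransomware writing ciphertext under a new extension.
    """
    flipped = []
    for path, new_data in after.items():
        old_entropy = shannon_entropy(before.get(path, b""))
        if old_entropy < threshold <= shannon_entropy(new_data):
            flipped.append(path)
    return {
        "flipped": sorted(flipped),
        "new_paths": sorted(set(after) - set(before)),
        "alert": len(flipped) >= min_files,
    }


# Constructed sample snapshots: ordinary documents before, and the same
# directory after three of them were overwritten with ciphertext-like data.
PLAINTEXT = b"Quarterly report: revenue up 4%, costs flat. " * 40
CIPHERTEXT = bytes(range(256)) * 16   # stand-in for encrypted output (entropy exactly 8.0)
BEFORE = {"a.docx": PLAINTEXT, "b.xlsx": PLAINTEXT,
          "c.txt": PLAINTEXT, "photo.jpg": CIPHERTEXT}
AFTER = {"a.docx": CIPHERTEXT, "b.xlsx": CIPHERTEXT,
         "c.txt.locked": CIPHERTEXT, "photo.jpg": CIPHERTEXT}

if __name__ == "__main__":
    print(detect_mass_encryption(BEFORE, AFTER))
```

Note that photo.jpg is not flagged: it was already high-entropy, which is why the heuristic compares before and after rather than absolute entropy alone.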


[More to come ...]

