The motivations for a cyber attack are familiar: money, notoriety, political scheming, protests; the list goes on. Whatever the case may be, understanding the incentive behind an attack can be a good indicator of how an attack may have been carried out. One element of investigating these attacks is discerning whether they were targeted or indiscriminate attacks. It’s tempting to say that all attacks are technically targeted at someone, but in the realm of cyber crime, a targeted or indiscriminate attack will differ vastly in scope and consequence. Damage is inevitable with either type of attack, but learning to differentiate the two can help individuals and organizations adequately protect themselves against the attacks they are most likely to fall victim to.
The most common form of attack that any one person is likely to encounter is an indiscriminate attack. These are opportunistic and sent out en masse to ensnare whomever possible. The most common examples of such attacks are malware, ransomware, viruses, and worms.
Part of what makes these attacks so prolific and dangerous is how easy they are to obtain and deploy. Those with the necessary expertise can mass-produce and sell variants on the Dark Web, enabling so-called “script-kiddies” to engage in crime that would otherwise be reserved for a more select few. Whether they are deployed by their creator or not, these kinds of attacks are not time-intensive, meaning that they are relatively cheap and enticing in their effectiveness.
The most recent example of this kind of attack was the ransomware WannaCry, which spread globally and confounded security experts with its seemingly worm-like behaviors. Later it was determined that the ransomware was spreading on its own by scanning for systems vulnerable to MS17-010, a vulnerability in Microsoft’s SMB protocol, and then using a recently leaked NSA backdoor to install the ransomware on the system.
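The self-propagating scan described above leaves a recognizable trace in network flow data: one internal host opening SMB connections to many different machines in a short time. The following is an added example, not part of the original article, that flags that pattern over constructed flow records. The record layout, the 60-second window and the 10-host threshold are assumptions to tune for a real network.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_flows():
    """Constructed flow records: (timestamp, src IP, dst IP, dst port)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    flows = []
    for i in range(30):   # normal client: many sessions to one file server
        flows.append((base + timedelta(seconds=2 * i), "10.0.0.5", "10.0.0.10", 445))
    for i in range(20):   # worm-like host: 20 new SMB targets in 20 seconds
        flows.append((base + timedelta(seconds=i), "10.0.0.23", f"10.0.1.{i + 1}", 445))
    for i in range(12):   # backup job: 12 SMB targets, five minutes apart
        flows.append((base + timedelta(minutes=5 * i), "10.0.0.7", f"10.0.2.{i + 1}", 445))
    for i in range(15):   # web browsing on 443: not SMB, ignored
        flows.append((base + timedelta(seconds=i), "10.0.0.9", f"203.0.113.{i + 1}", 443))
    return flows

def smb_fanout(flows, window=timedelta(seconds=60), threshold=10, port=445):
    """Map each source to the most distinct hosts it contacted on `port`
    inside any sliding `window`, keeping only sources at or above `threshold`."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == port:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        counts, start, best = defaultdict(int), 0, 0
        for ts, dst in events:
            counts[dst] += 1
            # Drop events that have fallen out of the window ending at ts.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, n in smb_fanout(sample_flows()).items():
        print(f"{src} contacted {n} distinct hosts on TCP/445 within 60 s")
```

Counting distinct destinations inside a sliding window, rather than total connections, keeps a busy file-server client and a slow backup job from being flagged alongside the sweeping host.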
Such attacks are expected to increase, meaning that it is more crucial than ever to understand how one could fall victim to these kinds of attacks. The most concise advice would be simply, “don’t click”. This applies to popup ads, suspicious emails, and even to seemingly authentic sites.
Targeted attacks are another matter altogether, and if you’re thinking about Ocean’s 11 for this one, you’re not too far off. A team is assembled, plans are made, and there’s a good amount of social engineering to pull it all through. These attacks are elaborate and expensive endeavors, with a deliberate process for breaching a victim’s infrastructure. Generally speaking, the target of these attacks is a single company or organization, but it can also be a type of industry. Some of the common tactics employed with targeted attacks include social engineering and spear phishing.
Those behind a targeted attack usually have sufficient resources to implement their plans over a long period of time, and enough sophistication to adapt and adjust their attacks in response to different levels of defense. They are not, however, as complex as Advanced Persistent Threats (APTs), which are state-sponsored and staffed by salaried engineers. The targets of these groups usually differ as well, with targeted attacks usually aiming for financial gain, while APTs are intended to seriously disrupt political affairs or critical infrastructure.
Aside from potential financial losses, targeted attacks also pose the added complication of being detrimental to an organization’s credibility and reputation. In a rather unfortunate case of irony, U.S. retailer Target was the victim of a targeted attack in 2014, with other notables being Sony, Home Depot, and Subway.
Larger organizations such as these are not the only ones with cause for concern. Attacks on smaller businesses are on the rise, with their appeal stemming largely from their lack of mature security programs. Tools such as Anomali STAXX are a free and convenient way for small businesses to incorporate threat intelligence into their security stack, giving them valuable insight into information that could warn of a targeted attack. No matter the size of the group or the tools in place, organizations can protect themselves by educating their employees and members on cyber best practices and enacting adequate security measures.
Right on Target?
Perhaps one of the best methods of preventing both targeted and indiscriminate attacks is to share information about these events with trusted partners or local authorities. Sharing can be a daunting prospect considering the potential to expose vulnerabilities, but the rewards far outweigh the risks. As of now, it’s fair to say that the security industry isn’t quite on target to share as much as maybe it should, but dedicated efforts from ISACs and government initiatives are helping to bridge the gap in trust amongst groups.