Cyber Criminals Target Military Research Institutions in India
According to a Trend Micro report, Q1’s visible events – Linsanity, Whitney Houston’s death, and sociopolitical upheavals around the world – gave cybercriminals new social-engineering campaign material, equipping them to penetrate and/or infect users and networks in order to access victims’ data.
The report also noted that cybercriminals who launch APTs will often keep track of the different attacks within a campaign in order to determine which individual attack compromised a specific victim’s network. The Luckycat campaign, in particular, attacked a diverse set of targets using a variety of malware, some of which has been linked to other cyber-espionage campaigns.
This quarter’s top spam-sending countries included: India (20 percent), Indonesia (13 percent), South Korea (12 percent), and Russia (10 percent).
Notable trends in Q1 2012:
- Cybercriminals are capitalizing on the growth of Android users who use their smartphones to gain Internet access. In fact, Trend Micro identified approximately 5000 new malicious Android apps in the first quarter.
- Apple surpassed Oracle, Google and Microsoft in reported vulnerabilities, with a total of 91. Oracle came in second, with 78; Google, 73; Microsoft, 43. Apart from posting the highest number of reported vulnerabilities, Apple also issued a record-breaking number of patches last March.
- New social networking site, Pinterest, gained not just popularity but also notoriety. Site users were drawn into “re-pinning” a Starbucks logo to get supposed gift cards but instead got malware.
“The number of targeted attacks has dramatically increased. Unlike largely indiscriminate attacks that focus on stealing credit card and banking information associated with cybercrime, targeted attacks noticeably differ and are better characterized as ‘cyber espionage,’” said Amit Nath, Country Manager, India and SAARC, Trend Micro.
Trends in Targeted Attacks
Targeted attacks that exploit vulnerabilities in popular software in order to compromise specific target sets are becoming increasingly commonplace. These attacks are neither automated and indiscriminate nor conducted by opportunistic amateurs. These computer intrusions are staged by threat actors that aggressively pursue and compromise specific targets. Such attacks are typically not isolated; they are part of broader campaigns, each a series of failed and successful compromises by specific threat actors. The objective of the attacks is to obtain sensitive data.
Targeted attacks remain a high-priority threat that is difficult to defend against. These attacks leverage social engineering and malware that exploits vulnerabilities in popular software to slip past traditional defenses. While such attacks are often seen as isolated events, they are better conceptualized as campaigns, or a series of failed and successful intrusions. Once inside the network, the attackers are able to move laterally in order to target sensitive information for exfiltration. The impact of successful attacks can be severe, and any data obtained by the attackers can be used in future, more precise attacks.
However, defensive strategies can be dramatically improved by understanding how targeted attacks work as well as trends in the tools, tactics and procedures of the perpetrators. Since such attacks focus on the acquisition of sensitive data, strategies that focus on protecting the data itself, wherever it resides, are extremely important components of defense. By effectively using threat intelligence derived from external and internal sources combined with context-aware data protection and security tools that empower and inform human analysts, organizations are better positioned to detect and mitigate targeted attacks.