Preparing for Opportunistic and Targeted Attacks Requires Sound Leadership
By Mike Sconzo, Senior Threat Researcher, Bit9 + Carbon Black
A shift is occurring in information security. Security leaders are not only looking to increase their detection and response capabilities, they are also bringing in security professionals with unique talents who can hunt for new incidents and respond to them. Security is no longer simply about technology. Now, it’s all about people and processes powering technology. The “people” element is, perhaps, most important.
The move toward active detection (hunting) and response is a necessary change throughout the industry, brought on by the mindset shift from “I hope my organization won’t be attacked” to “when and how frequently will it be attacked?” In preparing for the “when,” all is not lost. By understanding how your organization falls into each target group, it is possible to defend against, detect, and respond to the two types of attacks organizations normally see: opportunistic and targeted.
Opportunistic Attacks
There are various ways to become a victim of opportunity. At one end of the scale there are traditional commodity malware and exploit kits. These are distributed with very little regard for who or what gets targeted, and the attackers’ goals often vary – perhaps the malware gathers credentials to banking or gaming sites, mines bitcoin, or serves various other purposes.
There are several popular exploit kits, and campaigns vary in the type of malware distributed. According to Malwarebytes, about two thirds of new malware infections are delivered by exploit kits.
Taking this number and looking at the total number of malware events in the Verizon Data Breach Investigations Report (170 million) leads to at least 112 million malware infections this past year by exploit kits, like the Angler exploit kit that was recently used in a hacktivism campaign to drive views to politically sensitive videos.
On the other end of the spectrum of opportunistic attacks are watering holes. The purpose of a watering hole is to compromise a site (the watering hole itself) in the hope that users from various other targets will visit it on their own.
Another example of an opportunistic attack, somewhere in the middle, would be scanning hosts on the Internet or using a search engine to find vulnerable software versions to exploit, as in the notable cases of Heartbleed and Shellshock.
50 Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide