Navigating the Evolving Threat Landscape with a More Complete Approach to Network Security
HOW TARGETED ATTACKS ARE CHANGING THE NETWORK SECURITY LANDSCAPE
It used to be that cybercriminals would blindly cast a wide net, sending millions of fraudulent
emails in the hope that a few people would be tricked into handing over their personal or
financial information. As organizations evolved their security infrastructures and the average
user became more aware of how and how not to behave online, cybercriminals looking to
make a profit soon realized they could no longer rely on crude, random attacks. Today,
targeted attacks are the weapon of choice: a far more lucrative tactic that uses malware
purpose-built to bypass defenses and penetrate the network of a single organization.
Single-target attacks are not ‘one size fits all’ — they require specialized knowledge and
detailed information on the target. They are the result of advance reconnaissance, research
and testing, all with the goal of finding the best way to circumvent an organization’s security
measures and exploit the vulnerabilities in its software, systems and users. In many cases, this
means utilizing a specific user’s personal information (such as their interests, known
associates or familiar email addresses) to entice them to follow an email-embedded link, open a
weaponized attachment or visit a fake website that can immediately download malicious code.
After compromising the user’s system, the code can then spread silently and laterally
throughout the enterprise’s network.
This tailored approach makes each targeted attack unique, using unexpected combinations of
applications, devices, protocols, ports, command-and-control communications¹, encrypted
malware, and zero-day exploits to achieve its objectives. Targeted attacks are also dynamic, able
to change their behavior and digital ‘appearance’ during the course of an attack, making it even
more difficult for traditional anti-malware defenses to detect them.
It’s not a surprise, then, that many enterprises have already been compromised by targeted
malware — and they likely don’t even know it.
Has your organization been hit?
Of the 264 enterprise networks analyzed during proofs of concept conducted by Trend Micro in
2015–16, we found that:
• 80% had experienced a network-based attack or exploit
• 90% had active command-and-control activity on their network
• 65% had been infected by zero-day or unknown malware
• 17% were being actively breached
¹ Command-and-control servers can be used to remotely send malicious commands to a botnet or compromised network of
computers. The term originated from the military concept of a commanding officer directing control to his/her forces.
Page 3 of 16 | Trend Micro White Paper
Smart, Optimized, Connected
A Trend Micro White Paper | February 2017
Responding to increasingly complex threats
Research sponsored by Trend Micro suggests that 58 percent of surveyed organizations have
discovered malware in their networks that went undetected by traditional security solutions.
Most of the surveyed organizations also felt certain that other malware was still running
undetected on their servers, mobile devices and PCs.²
Even though they know they have been compromised, resource constraints make it impossible
for organizations to investigate every possible threat — and even if they could, it is becoming
increasingly difficult to definitively determine what is bad and what is good among the traffic
passing over their networks. On top of that, with the emergence of targeted ransomware, the
time an enterprise has to detect and stop an attack has been reduced to mere seconds: most
systems can be encrypted in less than a minute and the time from delivery to open is, on
average, just 111 seconds.
With today’s enterprises in the crosshairs of a massive volume and variety of increasingly
complex attacks, traditional security measures on their own are not enough. New security
capabilities are needed to create an effective defense against these advanced threats,
including the ability to monitor network traffic for malicious behavior, rapidly identify and
block ‘known bad’ entities as they pass through the network (i.e., before they have a chance to
be delivered to a user’s device), and analyze and respond to suspicious payloads.
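The following is an added example, not code from the white paper or from Trend Micro’s Network Defense solution. It illustrates two of the capabilities listed above on a constructed connection log: blocking ‘known bad’ destinations as flows cross the network, and monitoring traffic for malicious behavior, here the near-constant connection interval (beaconing) typical of active command-and-control activity. The indicator list, host names, addresses and log lines are all constructed placeholders.

```python
"""
Added example (not part of the Trend Micro white paper): applies two of the
network capabilities the paper lists to a constructed connection log.
  1. 'Known bad' blocking: match each flow's destination against an indicator
     list as it crosses the network, before anything reaches the endpoint.
  2. Behavioral monitoring: flag source/destination pairs whose connections
     recur at an almost constant interval (beaconing, a common C2 pattern).
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed indicator list: placeholder values, not real indicators.
KNOWN_BAD = {"203.0.113.45", "evil.example.invalid"}

# Constructed log: timestamp, source host, destination, destination port.
# ws-101 contacts a known-bad address; ws-102 beacons every 60 s to one host.
SAMPLE_LOG = """\
2017-02-01T10:00:00 ws-101 198.51.100.7 443
2017-02-01T10:00:05 ws-101 203.0.113.45 443
2017-02-01T10:01:00 ws-102 192.0.2.10 8443
2017-02-01T10:02:00 ws-102 192.0.2.10 8443
2017-02-01T10:03:00 ws-102 192.0.2.10 8443
2017-02-01T10:04:00 ws-102 192.0.2.10 8443
2017-02-01T10:05:00 ws-102 192.0.2.10 8443
2017-02-01T10:00:30 ws-103 198.51.100.7 443
2017-02-01T10:07:12 ws-103 198.51.100.9 80
2017-02-01T10:45:00 ws-103 198.51.100.7 443
"""


def parse_log(text):
    """Parse whitespace-separated log lines into (timestamp, src, dst, port)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return events


def known_bad_hits(events):
    """Inline 'known bad' check: every flow whose destination is an indicator."""
    return [(src, dst, port) for _, src, dst, port in events if dst in KNOWN_BAD]


def beacon_candidates(events, min_connections=5, max_jitter=0.1):
    """Group flows by (src, dst, port) and flag groups whose inter-arrival
    times are nearly constant: coefficient of variation <= max_jitter.
    Returns (src, dst, port, mean_interval_seconds) per flagged group."""
    groups = defaultdict(list)
    for ts, src, dst, port in events:
        groups[(src, dst, port)].append(ts)
    findings = []
    for key, times in groups.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((*key, round(avg, 1)))
    return findings


def analyze(text=SAMPLE_LOG):
    """Run both checks over a log and return the findings by category."""
    events = parse_log(text)
    return {"known_bad": known_bad_hits(events),
            "beacons": beacon_candidates(events)}


if __name__ == "__main__":
    for kind, items in analyze().items():
        for item in items:
            print(kind, item)
```

On the constructed log, the indicator match fires once (ws-101 to 203.0.113.45) and the interval check flags only ws-102, whose five connections to 192.0.2.10 are exactly 60 seconds apart; ws-103’s irregular browsing is left alone. In practice the jitter threshold and minimum connection count are tuned against the organization’s own baseline, since legitimate software updaters and monitoring agents also poll on fixed schedules.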
In addition to the known and unknown threats, enterprises also need to be able to protect
themselves against undisclosed threats: unpatched vulnerabilities that are known only by one
particular security vendor (typically through its ‘bug bounty’ program) and the affected
software vendor. Undisclosed vulnerabilities are considered unknown by all other security
vendors and malware writers — and may exist for months before a patch becomes available.
To meet all these requirements, enterprises must employ an approach to network security
that is smart, optimized and connected. Such an approach is embodied in Trend Micro’s
Network Defense solution powered by XGen™ security, which leverages a unique blend of
cross-generational threat protection techniques and market-leading global threat intelligence
to detect and mitigate targeted attacks.
² Quocirca, February 2014. The trouble heading for your business: Targeted attacks and how to defend against them.
www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_quocirca-analyst-targeted-attacks.pdf.