A targeted attack is one that seeks to breach the security measures of a specific individual or organization. Usually the initial attack, conducted to gain access to a computer or network, is followed by a further exploit designed to cause harm or, more frequently, steal data.
Targeted attacks are often used in conjunction with advanced persistent threats (APT) in industrial espionage. Business disruption and making political statements are among the other purposes of such attacks.
Who’s being targeted?
Cybercriminals often target businesses that process or store information that can be exploited by the criminal for personal gain. Typical targets include:
Criminals will attack a bank’s servers or network, in order to access information and illegally transfer funds from customers’ bank accounts.
- Billing companies – such as telephone companies
When a billing company is singled out for an attack, the criminals are generally looking to access customer accounts or steal valuable information – such as customer databases, financial information or technical data.
Getting past corporate security
Because large companies – that are normally the subject of targeted computer virus attacks – will often have a high level of IT security, the cybercriminals may need to employ some particularly cunning methods. With most organisations benefiting from a firewall and other protective measures against external attacks, the criminal may look for assistance from within the organisation:
Employees may unwittingly assist the criminal by responding to phishing emails – that pretend to be from the company’s IT department – asking the employee to enter their corporate system access password… for testing purposes.
- Using a false identity
In some cases, criminals may use personal information that they’ve gathered from social networking websites, in order to assume the identity of an employee’s colleague – so that the phishing request for usernames and passwords looks as if it has genuinely been sent by a colleague. This helps to ensure that employees do not become suspicious when asked to enter their password.
Other articles and links related to Targeted Attacks
- Computer Vandalism
- Petty Theft
- What is a Trojan?
- Data Loss and Data Theft
- Spam and Phishing