Skip to content

Targeted Attack Trends

Report: Threat Targets Diversify in 2H 2013

Download the full report on Targeted Attack Trends

"A targeted attack is not a one-time process. Threat actors continuously look for new targets to expand their control over the targeted organization. They also change their plans and adopt different techniques and tools, depending on the information they want to collect." —SPENCER HSIEH, Threat Researcher

Targeted attack campaigns BLYPT and Esile proved this during the latter half of 2013.

The BLYPT campaign uses a backdoor malware family to exploit a specific Java vulnerability in its target systems. Most of the BLYPT campaign servers were found to be hosted in Romania and Turkey. The campaign was observed as very persistent. It tries to access its servers multiple times until it can finally download the backdoor malware needed to steal information from its targets.

On the one hand, the Esile campaign was found using backdoor techniques as well to run several commands on target government networks in APAC. It was named as such because of the way that it is labeled on the debug stub of the malware that it uses. Note that the ESILE Campaign is part of a larger campaign that is also dubbed by other researchers as “APT0LSTU."

The latter half of 2013 also bore witness to a series of threat landscape updates that show the aggressive stance of present-day attackers. Majority of attack cases seen by Trend Micro researchers hit Taiwan and Japan. Government institutions remain on top of attackers' favored target list, claiming 80% of targeted attack numbers. Attackers also targeted the IT and financial services industries.

Bad actors prefer using tried-and-tested attack vectors such as spear-phishing emails, vulnerabilities, and malware. Research also shows that they are diversifying their victims all over the world.

Companies with traditional signature-based blacklisting solutions become more at risk as active targeted attack campaigns emerge and as existing ones continue to use more sophisticated methods. Given these, large enterprises and organizations need to implement Custom Defense—a security solution that uses advanced threat detection technology and shared indicator of compromise (IoC) intelligence. This unites the security infrastructure so it can detect, analyze, and respond to attacks that are invisible to standard security products.


Connect with us on