Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat
Botnet Stuxnet, Hydraq, Sykipot, Nitro, Taidoor
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 2012
Editor/Conference RAID 2012
Link
DOI: 10.1007/978-3-642-33338-5_4
Author Olivier Thonnard, Leyla Bilge, Gavin O’Gorman, Seán Kiernan, Martin Lee
Type Conference paper or presentation

Abstract

Recent high-profile attacks against governments and large industry demonstrate that malware can be used for effective industrial espionage. Most previous incident reports have focused on describing the anatomy of specific incidents and data breaches. In this paper, we provide an in-depth analysis of a large corpus of targeted attacks identified by Symantec during the year 2011. Using advanced triage data analytics, we are able to attribute series of targeted attacks to attack campaigns quite likely performed by the same individuals. By analyzing the characteristics and dynamics of those campaigns, we provide new insights into the modus operandi of attackers involved in those campaigns. Finally, we evaluate the prevalence and sophistication level of those targeted attacks by analyzing the malicious attachments used as droppers. While a majority of the observed attacks rely mostly on social engineering, have a low level of malware sophistication and use little obfuscation, our malware analysis also shows that at least eight attack campaigns started about two weeks before the disclosure date of the exploited vulnerabilities, and therefore were probably using zero-day attacks at that time.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1306,
   editor = {RAID 2012},
   author = {Olivier Thonnard, Leyla Bilge, Gavin O’Gorman, Seán Kiernan, Martin Lee},
   title = {Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat},
   date = {19},
   month = Jul,
   year = {2012},
doi = {10.1007/978-3-642-33338-5_4}, howpublished = {\url{}}, }