Targeted attacks are an evolution of espionage: they target a specific organization in order to steal information, modify information, or destroy information or systems. Opportunistic attacks (see previous post), on the other hand, target a specific technology without caring about who uses it. Targeted attacks are technology agnostic, as the attackers have the resources and determination to use whatever techniques or technologies work.
Attackers who run targeted attacks are, most of the time, organized and hold information about their target. For instance, they can have a copy of the organization chart, a list of people who click on attachments or URLs in spear-phishing emails, a list of who has access to the information they want, etc.
Here is what attackers will typically do:
Based on our experience, there are 3 mitigations that, if applied, would have prevented, disrupted or limited the impact of real-world targeted attacks.
When we look at how to be prepared for an incident, there are 5 aspects that you need to master.
We recently published a short series of videos that introduce many of the topics covered in a series of whitepapers that are designed to help organizations understand and manage the risks posed by targeted attacks by determined adversaries. These papers include:
Find the videos in this Microsoft Security Blog post.
Next I’ll talk about the security features that are available in your Microsoft software that you might not be using already and which could be very beneficial for you to implement. Later, I’ll dig into more details about the Top 3 Mitigations. Stay tuned.