Introduction
In this article, we are going to look at targeted attacks in the world of Information Technology. We will look at how they are propagated, how they can be successful, and what can be done to mitigate such attacks.
Cybercrime
The expanding dependency on technology has brought about a lot of risk in the business world. Many businesses in recent years have chosen to keep their data on cloud platforms. Businesses are pushed to move to the cloud or involve IoT devices in their daily routines because of pressure from the expanding market or in some cases market competitions.
The truth of the matter is some businesses do not realize the amount of risk they are putting themselves in. Since 2010 the rise of cybercrime has risen significantly. In the same manner, different attack vectors have been modified and new ones have also come up. The positive side is that the information technology industry has made significant changes to the financial and social lives of individuals and businesses across the globe. The technological advancement has also exposed individuals and businesses to a great threat, which is cybercrime.
Cybercriminals exist on the public internet in a large network of hackers whose main aim is to manipulate internet programs such as websites and web applications for their personal gain. They also create markets where they can sell and publish their attack methods using models like Crime ware-as-a-Service and Internet Relay Chat (IRC) channels to keep their illegal activities hidden from legal attacks. On these platforms, these Cybercriminals market their illegal software, stolen information, bulletproof hosting servers, botnets, etc. The biggest targets in Cybercrime are normally banks and billing companies with intentions steal customer accounts information and technical data.
Targeted attacks
Most financial companies using the public Internet normally have a high level of IT security which includes Web Application Firewalls, Intrusion Prevention System which challenges the attackers to create complex methods to override the existing systems and be able to perpetrate their crimes. In some cases, these challenges may force them to try and get help from insiders.
Phishing
Employees may unknowingly help attackers by responding to phishing emails that pretend to be from within the company requesting organizational access passwords for testing purposes. This may lead to information leaks and the organization could lose a lot of money through such phishing attacks. So there is a need for organizations to educate employees on phish attacks and be on the lookout at every moment in time.
False identity
Attackers may make use of social media platforms such as Facebook to gather information about selected individuals and use this information for their phishing attacks. This way their phishing attacks look real because they have some information about the victim.
Normally, with targeted attacks, the criminal has an actual intention to perpetrate a particular crime which may be to get access to funds or useful information or to destroy a reputation or in some cases to destroy some valuable information to their advantage.
Forms of targeted attacks
Computer Viruses
Computer Viruses attach themselves to existing software codes and by so doing it is able to replicate itself causing further harm to other existing programs within that computer and network. Computer Viruses can be spread using devices such as a USB storage device.
Worm
A worm is a malicious program that spreads itself via a computer network taking advantage of vulnerabilities in the computer operating system.
Trojan horse
A Trojan horse is any malicious software that looks harmless but executes malicious code in the background which may cause harm to the system. Normally it available on the internet for download as a program plugin or screen saver but will execute other malicious code to the system which may cause malfunction of other already existing programs.
Spyware
Spyware exists in the host computer without being detected by the user and they collect and send information from the host computer to an attacker.
Botnet
This is a remote attack perpetrated by a third party through a server and creates a network of infections. The host (botmaster) runs a command-and-control (C&C) server which executes malicious codes (bot) on the clients. A bot regularly sends its information to the botmaster thus the botmaster always keeps track of the number of infected computers on its network. Over the years botnets now use a peer-to-peer model to infect victim computers. This means that any infected computer is able to run the (C&C) code to infect others.
Client-Server Architecture
Rootkit
A rootkit is a stealthy piece of software that may not be detected by ordinary malware scans. Rootkit kits may be used in other malware programs to enable their stealthy behavior.
Conclusion
Cybercrime has increased in recent years and attackers are becoming more equipped these days using different sophisticated techniques to take advantage of innocent unsuspecting individuals or organizations. It is a good practice to obtain security software such as anti-spyware software, anti-virus software, firewalls, and anti-malware software to continuously run routine checks on all machines and make sure that you are free from attacks. Targeted attacks can be very costly depending on the information that has been stolen, manipulated, or destroyed so it is very important that organizations and individuals are protected.