Hackers many times use basic malware to gain partial access to a secure system. Once this has been successful the hackers can start to try to find additional information. This could be data specific to that business since they now have a foothold in the system. By gaining more specific information using the malware already infecting a compromised server(s), they begin to construct custom targeted malware to further exploit the system.
Targeted malware is a new laser targeting method of breaching secure systems with unfortunate success rates.
Hackers find specific weak points in a supposedly secure system.
Dedicated server defenses fail to thwart attacks every single time.
The single targeted breach from a hacker is all it takes for a successful devastating intrusion.
Targeted Malware Doesn’t Look Like Malware
Malware is not always crude email phishing attempts. They are in most cases easy to spot even for novices in the Internet of Things world we live in. Targeted malware is customized to a specific online business just by imitating emails based on similar industries as the target. An online business accepting PayPal payments from its customers would receive PayPal like phishing emails. This is targeted malware in its basic form.
Successful attacks need to go undetected for as long as possible to be deemed successful by the attackers. Not knowing how an attack was successful once discovered is just as bad. It will in most cases simply just happen again. A worst-case scenario for any online business is backdoor communication between the hackers and the dedicated servers. Administrators need to know about instructions ASAP.
Targeted Malware and Good “People Skills”
Finding employees who are the least knowledge is in many cases a “good” start for hackers. Starting with easy targets is the simplest way to gain access. Hackers generally do not start with the hardest to gain access points. They start with the easiest paths first. That in many ways, is what every online business wants to achieve, however. To force hackers to give up and move on since the usual easy points of entry are a no-go.
Once cybercriminals gain access to the most basic part of a system:
They proceed from there to further their attacks
Look for additional pieces of information specific to that company by:
Sending legitimate-looking emails (phishing)
Access requests such as lost password retrieval
Fake software updates etc.
In many cases, the initial targeted attack can be human-to-human based. A simple phone call pretending to be someone they are not asking (or demanding) access because their “job depends on it” and they are the only ones who can help them.
A hacker with very good people-skills can in many cases be the most damaging to a business. A targeted and highly customized malware exploit will assist the hackers with this. By exploiting an employees sympathy and good-hearted nature, several security measures are easily and quickly bypassed in a flash.
Hackers Don’t Always Use Computers to Obtain Access.
Another example of targeted malware is spoofing an email. It will seem to come from a place that several employees frequent, such as a golf course, restaurant, or any number of the various club memberships that exist. In the email is an attachment such as a pdf file which looks innocent enough. This could be about news of the establishment employees frequent until it is realized that the pdf files contained malware that slipped past the email server security scans. Bringing in data files from outside the system will circumvent server security.
The Great Bank Robbery is a good example of how phishing and malware can be carried out even in the supposedly most secure of places. It just goes to show, that everyone can be a target regardless of size. The longer malware remains undetected the more damage it will inflict. This will be either financially or to a firm’s reputation and/or both. Many times their clients, unfortunately, have to suffer the consequences.
Custom targeted malware can be especially difficult and troublesome when it comes to identifying the culprit of the attack. In many cases, it is an inside job. This could be a former or current employee since the custom malware required significant specific knowledge on a firm’s cyber defenses. However, in many cases, cybercriminals are more than happy to misdirect an investigation into making it look like an inside job.
It is vital to prevent hackers from getting a “foot in the door” via targeted malware attacks. Ensuring employees know about several tactics cybercriminals use can prevent them from becoming the gateway to bypass a firm’s defenses.
Cyber defenses are only as strong as its weakest link in the chain.
Comments