Sophisticated targeting is one of the most important trends in security right now. Although most of the malware and attacks we see are still un-targeted, the biggest and most damaging ones are highly targeted.
A random attack like a ransomware incident should be no more than an annoyance to a reasonably prepared business. Employees can be trained to avoid clicking on links or attachments in suspicious emails.
However, the same is not true of targeted attacks. A masterfully crafted spear phishing email will fool just about anyone, even the most savvy or expert users. Attack emails will come from people the victim knows and will be written in that person’s style and be completely appropriate to their topics of discussion. Attachments and links will appear normal and expected…
For those interested in a deeper dive on the trend towards targeted attacks and techniques for defending against them, I will be presenting “In the Crosshairs: The Trend Towards Targeted Attacks” at BSides San Francisco on February 28th.
I will discuss several targeting case studies and lessons we can take from them to better defend ourselves.