LA0jD

More documents

Recommendations

Info

TREND MICRO | TrendLabs 2014 Targeted Attack Campaign Report Data-Exfiltration Techniques • Threat actors abused legitimate cloud storage services such as OneDrive, Google Drive, Dropbox, Baidu Cloud Network Drive, Gmail, Plurk, Facebook, Twitter, Evernote, and Pastebin for data exfiltration. In such cases, stolen data was temporarily “parked” on legitimate platforms to evade detection and for easy transfer. • Use of the victims’ Web and File Transfer Protocol (FTP) servers and portals was also seen, along with the continued employment of traditional C&C servers for data exfiltration. 16 | Targeted Attack Trends
Tried-and-tested and newly discovered zero-day vulnerabilities continued to be exploited in attacks. Exploiting new as opposed to old vulnerabilities proved more effective because security vendors have yet to create patches for them. Zero-day exploits can catch security vendors and victims alike unawares. On the other hand, targeting old vulnerabilities also proved reliable because attackers can just use tried-and-tested exploits that may be easily bought. 17 | Targeted Attack Trends
Page 1 and 2: Targeted Attack Trends 2014 Annual
Page 3 and 4: Introduction Targeted attacks, aka
Page 5 and 6: Attributing targeted attack campaig
Page 7 and 8: TREND MICRO | TrendLabs 2014 Target
Page 9 and 10: Highly specific configurations did
Page 11 and 12: Targeted attack tactics continued t
Page 15: TREND MICRO | TrendLabs 2014 Target
Page 21 and 22: Targeted attacks remained a global
Page 25 and 26: Cybercriminal adoption of targeted
Page 33: Created by: The Global Technical Su

LA0jD

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?