Threat actors targeting the Asia Pacific (APAC) region are continually refining their targeted attack tactics, which allows them to remain undetected. At the same time, old vulnerabilities resulting from unpatched software and applications are being exploited to the fullest.
This is according to the H1 2014 Targeted Attack Trends Report from security software company Trend Micro.
The report also revealed that spear-phishing emails are the most common infection vector for infiltrating networks, with almost 80 percent of the targeted attack malware arriving via email. Typically sent to employees in target organisations, spear-phishing emails convince recipients to either click a malicious link or download and execute a malicious file. Some of the most common email attachments used to deliver payloads include Microsoft Office documents (57 percent) and RAR files (19 percent), as they commonly change hands in any organisation.
Another method used to infiltrate target networks is compromising websites that are frequently visited by employees. When their target employees visit these compromised sites, their systems get infected.
Both zero-day and tried-and-tested exploits also featured prominently in the targeted attack landscape. The older exploits still worked because some IT administrators in the region forwent applying security fixes to their networks for fear of disrupting critical business operations. Additionally, threat actors favoured Microsoft Office (53 percent) and Adobe Reader (46 percent) as the most common software vulnerability exploitation targets.
Most of the malware used in targeted attacks was Trojans or Trojan spyware (53 percent), followed by backdoors (46 percent). Backdoors typically aid in establishing C&C communications and executing remote commands, while Trojans and Trojan spyware aid in downloading the final payload and exfiltrating data.
Notable campaigns for 1H 2014
The report cited two notable campaigns for the first half of this year, namely Siesta and ESILE.
According to the report, Siesta is so named because its final payload can receive sleep commands, which allowed it to stay dormant for varying periods of time and, in turn, evade detection. Threat actors behind this campaign sent emails containing legitimate-looking links to chosen executives in specific organisations, using fake email addresses of supposed colleagues.
Another campaign, ESILE, targets APAC government institutions. ESILE was delivered via spear-phishing emails using a variety of social engineering lures, including health care and tax themes. The emails contained a seemingly harmless document that, when opened, actually executes a malicious file in the background.
Other APAC targeted attack campaigns that were still actively running in 1H 2014 include IXESHE, PLEAD, ANTIFULAI, and Taidoor.
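The report's findings above translate directly into mail-gateway triage rules: Office documents and RAR archives as the dominant payload carriers, tax and health-care themed lures (ESILE), and sender addresses that impersonate colleagues (Siesta). The following Python script is an added example written for this article, not code from Trend Micro or the report; it scores a constructed set of inbound message records against those three signals. The record layout, the internal domain `example-corp.com`, the score weights and the lure keyword list are all assumptions chosen for illustration.

```python
# Added example: triage inbound mail records for the spear-phishing signals
# described in the report (attachment type, lure theme, lookalike sender).
# Field names and sample data are constructed for this example, not a vendor schema.
from typing import Dict, List, Tuple

INTERNAL_DOMAIN = "example-corp.com"  # assumed organisation domain

# Extensions grouped by the attachment types the report singles out.
OFFICE_EXT = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm",
              ".ppt", ".pptx", ".pptm", ".rtf"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}
ARCHIVE_EXT = {".rar", ".zip", ".7z"}
# Lure themes mentioned for ESILE, plus common business pretexts (assumed list).
LURE_WORDS = {"tax", "refund", "health", "medical", "invoice"}

# Constructed sample of a gateway's attachment log, one dict per message.
SAMPLE_MESSAGES: List[Dict] = [
    {"from": "j.lee@example-corp.com", "to": "cfo@example-corp.com",
     "subject": "Q2 budget", "attachments": ["budget.xlsx"]},
    {"from": "j.lee@example-corp.co", "to": "cfo@example-corp.com",
     "subject": "Please review", "attachments": ["review.docm"]},
    {"from": "hr@tax-office-notice.example", "to": "staff@example-corp.com",
     "subject": "Tax refund form", "attachments": ["refund_form.rar"]},
    {"from": "it@example-corp.com", "to": "staff@example-corp.com",
     "subject": "Policy update", "attachments": ["policy.pdf"]},
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot domains one or two edits from ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def is_lookalike(domain: str, internal: str) -> bool:
    """External domain within two edits of the internal one (e.g. a dropped 'm').
    Short domains will false-positive; tune the threshold per organisation."""
    return domain != internal and edit_distance(domain, internal) <= 2


def score_message(msg: Dict, internal_domain: str = INTERNAL_DOMAIN) -> Dict:
    """Return an additive risk score plus the reasons behind it."""
    score, reasons = 0, []
    dom = sender_domain(msg.get("from", ""))
    if is_lookalike(dom, internal_domain):
        score += 3
        reasons.append(f"lookalike sender domain {dom}")
    subject = msg.get("subject", "").lower()
    hits = sorted(w for w in LURE_WORDS if w in subject)
    if hits:
        score += 1
        reasons.append("lure keywords: " + ", ".join(hits))
    for name in msg.get("attachments", []):
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in ARCHIVE_EXT:
            score += 2
            reasons.append(f"archive attachment {name}")
        elif ext in OFFICE_EXT:
            score += 1
            reasons.append(f"Office attachment {name}")
            if ext in MACRO_EXT:
                score += 1
                reasons.append(f"macro-enabled document {name}")
    return {"score": score, "reasons": reasons}


def triage(messages: List[Dict], internal_domain: str = INTERNAL_DOMAIN,
           threshold: int = 3) -> List[Tuple[int, Dict]]:
    """Indices of messages at or above the threshold, highest score first."""
    scored = [(i, score_message(m, internal_domain)) for i, m in enumerate(messages)]
    flagged = [(i, s) for i, s in scored if s["score"] >= threshold]
    return sorted(flagged, key=lambda t: -t[1]["score"])


if __name__ == "__main__":
    for idx, result in triage(SAMPLE_MESSAGES):
        print(idx, SAMPLE_MESSAGES[idx]["from"], result)
```

The script is a triage aid, not a verdict: a score only orders which messages an analyst opens first, and the weights should be tuned against the organisation's own mail flow so that routine Office exchanges do not drown the rarer archive-plus-lookalike combination that the Siesta and ESILE descriptions point at.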
"The efficacy of targeted attacks this year so far indicates that organisations still struggle to understand targeted attacks. One possible misconception is that targeted attacks are one-time efforts, whilst in reality they are well-planned and can be launched several times until they successfully compromise intended network targets," said Dhanya Thakkar, Managing Director, APAC, Trend Micro.