Saturday, February 8, 2014

[fireeye] Targeted Attacks in 2013: Israel

Well-funded and highly motivated threat actors have evolved their techniques from generic, opportunistic, and scattershot attacks to an approach that is targeted, resilient, and evasive.
The findings, based on data gleaned from FireEye Dynamic Threat Intelligence (DTI), are alarming:
  • More than 1.5 APTs per hour were detected
  • 40 APT variants were identified
  • More than half of all callbacks from Israeli targets appear to contact first-tier CnC nodes based in the U.S.
  • The volume of detected malware quadrupled between January and December
  • Defense/airlines, government, and financial services were the most-targeted verticals
Figure 1 shows the volume of cyber attacks aimed at Israeli systems over the last year.
Figure 1: Attacks, by volume
April and September 2013 Surges
Some spikes in activity can be tied to external events:
  • April/May 2013: This surge possibly stemmed from an Anonymous campaign (#op-Israel) launched against Israel in April. In addition, a group supporting embattled Syrian president Bashar al-Assad reportedly attacked Israeli infrastructure in May in an attempt to retaliate against an Israeli bombing in Syria.
  • September/October 2013: The Jewish New Year holiday lasted through September, giving threat actors an opening to infiltrate organizations during worker vacations.
APTs are an everyday reality
Figure 2 shows the types of attacks against Israeli systems in 2013 by category.
Figure 2: Detected cyber attacks, by type (chart title: Detection Type Distribution)
Common viruses remain the most common form of attack. But APTs are second at a whopping 25 percent of all attacks.
(Although backdoors, Trojans, info stealers, malware binaries, and malicious URLs are all used in APT attacks, they also enable a wide range of broader attacks, such as cyber crime. The APT category in Figure 2 includes only advanced targeted attacks, even if they involved components listed in other categories.)

APT Campaigns
Among the many APT campaigns FireEye identified in 2013, the following targeted Israel:
Outlook for 2014
The findings in this blog post suggest that the threat landscape evolved considerably in 2013. APT attacks grew more frequent, becoming an unfortunate everyday reality for Israel. Many organizations rely on traditional security controls that use decades-old signature detection techniques. Built for an earlier age, these techniques are no match against today’s fast-moving, constantly morphing threats, which exploit zero-day vulnerabilities and other unknown threats. In today’s evolving threat landscape, Israeli organizations must reevaluate their security posture.
