Industrial Espionage and Targeted Attacks: Understanding the Characteristics of an Escalating Threat

  • Olivier Thonnard
  • Leyla Bilge
  • Gavin O’Gorman
  • Seán Kiernan
  • Martin Lee
Conference paper

DOI: 10.1007/978-3-642-33338-5_4

Volume 7462 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Thonnard O., Bilge L., O’Gorman G., Kiernan S., Lee M. (2012) Industrial Espionage and Targeted Attacks: Understanding the Characteristics of an Escalating Threat. In: Balzarotti D., Stolfo S.J., Cova M. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2012. Lecture Notes in Computer Science, vol 7462. Springer, Berlin, Heidelberg

Abstract

Recent high-profile attacks against governments and large industry demonstrate that malware can be used for effective industrial espionage. Most previous incident reports have focused on describing the anatomy of specific incidents and data breaches. In this paper, we provide an in-depth analysis of a large corpus of targeted attacks identified by Symantec during the year 2011. Using advanced triage data analytics, we are able to attribute series of targeted attacks to attack campaigns quite likely performed by the same individuals. By analyzing the characteristics and dynamics of those campaigns, we provide new insights into the modus operandi of attackers involved in those campaigns. Finally, we evaluate the prevalence and sophistication level of those targeted attacks by analyzing the malicious attachments used as droppers. While a majority of the observed attacks rely mostly on social engineering, have a low level of malware sophistication and use little obfuscation, our malware analysis also shows that at least eight attack campaigns started about two weeks before the disclosure date of the exploited vulnerabilities, and therefore were probably using zero-day attacks at that time.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Olivier Thonnard
    • 1
  • Leyla Bilge
    • 1
  • Gavin O’Gorman
    • 2
  • Seán Kiernan
    • 2
  • Martin Lee
    • 3
  1. 1.Symantec Research LabsSophia AntipolisFrance
  2. 2.Symantec Security Response, Ballycoolin Business ParkDublinIreland
  3. 3.Symantec.cloudGloucesterUK