The majority of attacks are opportunistic rather than targeted, which businesses struggle to detect and contain.
According to a report by Trusteer and Ponemon Institute, 53 per cent of 755 IT security professionals have experienced “opportunistic” attacks, compared to 16 per cent who believe that an attack was targeted at them. Of those surveyed, 55 per cent said that they had “some involvement” in preventing or detecting those targeted attacks.
Trusteer senior security strategist George Tubin told IT Security Guru that the majority being opportunistic did not surprise him, nor did the time taken to detect and mitigate as it “takes time to find it and detect it immediately”.
He said: “With RSA, they didn’t catch it until the criminals stole the core of their data for their two factor tokens. It is a case of how long the criminals are in and what do they do before they download. The average time to be caught is 225 days and organisations do not usually find APT attacks until the attacker has got what they needed.
“44 per cent said that they can contain an attack, while 49 per cent can detect, but what if they have detected before anything was stolen and shut them down, as far as they know!”
The majority of respondents (67 per cent) claimed that there had been no change in the frequency of opportunistic attacks over the last 12 months, which Tobin claimed was typical as it is fairly easy to launch such an attack through an email blast, while launching a targeted attack involves research.
“It is like fishing with a big net, and maybe you will catch a big fish, but what we see with targeted attacks is advanced techniques is cyber criminals are paying for zero-day vulnerabilities and they can target an organisation and we see vulnerabilities that no-one knows and it reduces the chances of getting caught.
“With a targeted attack, it is more work and you reduce the reach and who to send to, and what you get out of it; while with opportunistic attacks you use malware and vulnerabilities rather than investing time into it, so there will be more use of sophisticated methods as it is easier to prevent than targeted attacks.”
In terms of the frequency not changing, Tobin said that the cyber criminal landscape changes and we will see targeted attacks mainly against financial companies. “Some will do advanced attacks to see what they can catch, but we see many cyber criminals moving to fund attacks and do finer targeting. We see significant operations in targeted attacks and sophisticated techniques.
“Organisations are aware of APT and how it has changed over time. There is a huge need for new technologies that work and security leaders need budget and to fix problems as there is a goal to make it happen. Things are changing and we are not there yet.”