“Simple” attacks succeed.
The White House and Anthem ended up compromised through the familiar vector of spear-phishing with malicious payloads, according to Invincea’s 1H 2015 Advanced Endpoint Threat Report.
The malware used in both attacks was quite similar to conventional, “off-the-shelf” malware, and even similar to each other, Invincea said.
Having said that, technically sophisticated attacks are getting even more sophisticated.
A technique called “just-in-time” malware assembly, for example, has exploded in popularity. This approach evades network sandbox detection by assembling the malware on the endpoint from benign-looking snippets of code, using white-listed scripting tools already present on the host. Such techniques are enabled by the commercial availability and maturity of exploit kits and tools.
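The sandbox-evading pattern described above still leaves a trace on the endpoint itself: a document or mail client launching a host-native script interpreter. Below is an added example, not taken from the Invincea report or this article, of endpoint detection logic that scans process-creation records for that parent/child pairing. The log lines are constructed, and the lists of document handlers and scripting tools are assumptions about a typical Windows host.

```python
"""Flag process-creation events in which a document or mail client spawns a
whitelisted scripting interpreter. Added example; the sample log and the
application lists are constructed assumptions, not data from the report."""
import json
from pathlib import PureWindowsPath

# Assumed: applications that normally render attachments rather than run scripts.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}
# Assumed: host-native scripting tools that application control commonly allow-lists.
SCRIPT_TOOLS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(path):
    """Normalise a Windows image path such as C:\\Windows\\System32\\WScript.exe
    to its lower-cased file name (wscript.exe) so comparisons are case-insensitive."""
    return PureWindowsPath(path).name.lower()


def is_suspicious(event):
    """True when a document handler is the direct parent of a scripting tool."""
    parent = basename(event.get("parent_image", ""))
    child = basename(event.get("image", ""))
    return parent in DOCUMENT_HANDLERS and child in SCRIPT_TOOLS


def flag_events(lines):
    """Parse one JSON record per line and return (timestamp, parent, child)
    tuples for every suspicious parent/child pairing; malformed lines are skipped."""
    flagged = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a bad record should not stop the rest of the scan
        if is_suspicious(event):
            flagged.append((event.get("ts", ""),
                            basename(event["parent_image"]),
                            basename(event["image"])))
    return flagged


# Constructed sample of process-creation records (not real telemetry).
SAMPLE_LOG = [
    '{"ts": "2015-06-01T08:59:40Z", "parent_image": "C:\\\\Windows\\\\explorer.exe", "image": "C:\\\\Program Files\\\\Microsoft Office\\\\WINWORD.EXE"}',
    '{"ts": "2015-06-01T09:00:01Z", "parent_image": "C:\\\\Program Files\\\\Microsoft Office\\\\WINWORD.EXE", "image": "C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe"}',
    '{"ts": "2015-06-01T09:02:10Z", "parent_image": "C:\\\\Program Files\\\\Microsoft Office\\\\OUTLOOK.EXE", "image": "C:\\\\Windows\\\\System32\\\\WScript.exe"}',
    '{"ts": "2015-06-01T09:05:33Z", "parent_image": "C:\\\\Windows\\\\System32\\\\cmd.exe", "image": "C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe"}',
    'not json at all',
]

if __name__ == "__main__":
    for ts, parent, child in flag_events(SAMPLE_LOG):
        print(f"{ts} suspicious: {parent} -> {child}")
```

Run as a script, it reports the two records in which an Office application spawned an interpreter; the administrator's cmd.exe-launched PowerShell session is deliberately left alone, since the point is the parent process, not the interpreter itself.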
The reasons for the simple and sophisticated attacks lie in the diversity of what the bad guys want.
Nation-state actors conducting espionage target specific individuals at specific agencies and companies. They can afford to research their targets, gather email addresses, and craft persuasive socially engineered spear-phishing emails. It doesn’t matter if 99 percent of recipients delete the email, as it only takes one endpoint compromise to give the bad guy a crack in the door. Add on top of that the plethora of unpatched vulnerabilities in most organizations.
In contrast, cyber-criminals are running high-volume, low-touch operations. It’s all about scalability. Personalized emails are out. Malvertising-driven attacks using zero-day and recently disclosed exploits are in, to maximize the sheer number of compromises and do so as quickly as possible.
Bad guys inflicted more than $500 million in damage for roughly $6,000 in ad spend during the first half of 2015, said Invincea’s Patrick Belcher in the report.