Unlike the typical malicious code attacks, which aim to affect as many systems as possible, targeted attacks focus on a specific user. Typical examples include cyber-crooks who use instant messaging to gain the trust of potential victims before sending them infected files.
Although many of these attacks use known malicious code, in the case of large companies, bespoke malware is often used to increase the chances of success. The malicious code becomes far more complex, as the objectives of the criminals attacking a large corporation are far more ambitious: financial theft, creation of botnets, stealing critical data, sabotage, industrial espionage, etc. These types of attacks are frequently bankrolled by organized gangs or rival companies.
Large companies are also potentially vulnerable to targeted attacks aimed at blackmailing the victim. The criminals demand money in exchange for not launching, say, a denial of service (DoS) attack or similar against the company. According to the SANS Institute, corporate data theft led to losses among companies in the Fortune 1000 list of almost 100,000 million euros. However, these types of incidents frequently go unreported by the largest companies in order to avoid collateral problems.
The "Protection of corporate networks against targeted attacks" white paper can be downloaded free from the Panda Software website.
