Joe Stewart, a longtime researcher at Dell SecureWorks, said manufacturers or distributors in the supply chain and services organizations, such as small law firms, could be at risk of an attack. The attacks commonly begin with a spearphishing email and, if successful, the cybercriminal organization can hop from system to system, remaining stealthy for as long as it takes to achieve its objective.
"It can be unexpected where they might pop up," Stewart said of a targeted attack. "If you are likely to have something they're interested in or if you are doing something to annoy them then, yes, you have to look at all the services you trust around you that you are using in order to conduct business or keep yourself private."
Security firms have been documenting advanced persistent threats and have warned that intellectual property is being stolen at alarming rates. Alexandria, Va.-based security firm Mandiant issued a report documenting as many as 20 China-based groups that it suspects are being controlled by the Chinese government. A rash of data breaches, from The New York Times to Facebook and Apple, has illustrated that no organization is immune.
"They might not care about your IP, but they might entrench themselves in a network to make sure they can always use it as a conduit," Stewart said.
Dell SecureWorks is expanding its incident response services, providing organizations with a threat assessment to determine a company's ability to detect, respond to and resist a cyberespionage attack. The expanded services include an assessment of the organization's ability to withstand denial-of-service attacks, which some experts believe attackers use as a distraction to throw off incident response teams.
Successful attacks are increasingly being uncovered. In late February, Kaspersky Lab released information about targeted attacks against 59 organizations in 23 countries, including organizations in the U.S. The goal is to steal data and spy on the infected system, according to analysis of the malware found on victim machines. The attacks all share the same exploit -- an Adobe Reader zero day -- and Kaspersky identified it as MiniDuke because it resembles an earlier targeted attack called Duqu. Once inside, communication is encrypted, more malware can be downloaded and the attackers have remote access to hop to new systems on the corporate network. The group behind the attacks remains a mystery.
"This is something that appears to be cyberespionage but it doesn't tie back to any place in the world that anybody has found yet. So it's a mystery, and that's the kind of thing that inspires us to dig deeper," Stewart said.
Stewart and Silas Cutler, a Dell SecureWorks security researcher, are sharing their sinkholing tools and techniques with other security researchers. The goal is to glean new insight into the hordes of data being captured in sinkhole servers and avoid duplication of work, Cutler told CRN.
Cutler calls the new sinkhole technique Proximity. He said it was developed to help dial down the unwanted noise in Internet traffic so that interesting data can be identified and analyzed. Last year, SecureWorks researchers took control of a domain at a university that was being used by a hacker group known for its advanced persistent threat activity, and determined that the target of the campaign was the university's research laboratory, which conducts military research projects.
"We're classifying data and starting to identify and weed out which parts of malware families are commodity and which parts are APT," Cutler said. "We saw someone with a 'World of Warcraft' botnet stealing passwords and on the other side we saw targeted attacks where there are clear motives and objectives."
PUBLISHED MARCH 11, 2013