How do the cyber spies infiltrate your systems?
A typical targeted attack exploits multiple weaknesses to achieve its ultimate goal, usually to steal information or compromise a specific account. A particular user in an organization might be targeted via a well-crafted, believable email (a technique called "spearphishing") and might inadvertently help install spyware on his or her PC.
Some attacks originate with hackers gathering publicly available information and correlating it. While not every piece of information posted on the Internet is sensitive, when combined with other data on the Web as well as additional information posted by other companies, a pattern can begin to emerge.
"You are able to put together pieces of nonsensitive information to figure out or to deduce sensitive information," notes PricewaterhouseCoopers' Lobel.
An attacker might also exploit a security or configuration weakness in an externally accessible system or application, with the aim of gaining user credentials or establishing a surveillance point.
Attackers can also exploit technology vulnerabilities, whether publicly known or not. And to access truly sensitive information, they can resort to tactics such as bribery.
During a targeted attack, more than one system or application-level vulnerability could be directly exploited. Once a single system or account is compromised, virtually the entire environment can be gradually traversed until the ultimate goal of the attack is achieved.
Often, the attackers place monitoring software in out-of-the-way locations and systems, such as log servers, where traditional IT security methods aren't looking for intrusions. They collect the data and send it out, for example via FTP, in small amounts over time, so the transfers don't rise above the noise of normal traffic and call attention to themselves.
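Small transfers spread over many days stay under a per-day volume alarm, so detection has to look at persistence and cumulative volume per source and destination. The following Python detector is an added example, not part of the original article; the thresholds, host names, addresses and flow records are constructed assumptions.

```python
from collections import defaultdict

DAILY_ALARM_BYTES = 5_000_000  # assumed: existing per-day volume alert threshold
MIN_DAYS = 5                   # assumed: distinct active days that count as persistent
MIN_TOTAL_BYTES = 2_000_000    # assumed: cumulative volume worth an analyst's review


def build_sample_flows():
    """Constructed outbound flow records: (day, src_host, dst_ip, dst_port, bytes_out)."""
    # A log server sending 400 KB over FTP every day for a week.
    flows = [("2024-03-%02d" % d, "logsrv01", "203.0.113.7", 21, 400_000)
             for d in range(1, 8)]
    # One large upload on a single day: the daily alarm's job, not this detector's.
    flows.append(("2024-03-03", "ws-114", "198.51.100.20", 21, 50_000_000))
    # Occasional small web traffic from a workstation.
    flows.append(("2024-03-02", "ws-022", "192.0.2.5", 443, 10_000))
    flows.append(("2024-03-05", "ws-022", "192.0.2.5", 443, 12_000))
    return flows


def find_slow_exfil(flows, quiet_hosts=()):
    """Flag src/dst pairs that stay under the daily alarm but persist and add up.

    quiet_hosts: hosts (such as log servers) not expected to open outbound sessions.
    """
    per_day = defaultdict(lambda: defaultdict(int))
    for day, src, dst, port, nbytes in flows:
        per_day[(src, dst, port)][day] += nbytes

    findings = []
    for (src, dst, port), days in per_day.items():
        total = sum(days.values())
        peak = max(days.values())
        persistent = len(days) >= MIN_DAYS and total >= MIN_TOTAL_BYTES
        under_alarm = peak < DAILY_ALARM_BYTES
        if persistent and under_alarm:
            findings.append({
                "src": src, "dst": dst, "port": port,
                "days_active": len(days), "peak_daily_bytes": peak,
                "total_bytes": total, "unexpected_source": src in quiet_hosts,
            })
    # Largest cumulative volume first.
    return sorted(findings, key=lambda f: f["total_bytes"], reverse=True)


if __name__ == "__main__":
    for finding in find_slow_exfil(build_sample_flows(), quiet_hosts={"logsrv01"}):
        print(finding)
```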