Looking Back at Three Years of Targeted Attacks: Lessons Learned on the Attackers’ Behaviors and Victims’ Profiles

Presented at FIRST 2014

by Olivier Thonnard

Summary: Targeted attacks consist of sophisticated, low-copy-number malware developed by attackers who have the resources and motivation to research targets in depth. In this talk, we analyze the main trends and characteristics of this escalating threat based on a large corpus of targeted email attacks identified by Symantec in the last three years (2011-2013). Using in-house developed forensics and attack investigation techniques, we analyze a series of notable targeted attack campaigns, such as Elderwood, CommentCrew, and some others. We will highlight similarities, but also some significant differences, in the modus operandi and level of sophistication of the attackers involved in these different malware campaigns. Finally, we look at the victim counterpart by analyzing the profiles of the organizations and individuals who seem to be more specifically targeted by these spear-phishing attacks.