SecurityWeek

ENISA Calls for Action to Combat Cyberattacks Leveraging the Basics

Most of the attacks that have dominated the headlines lately could have, and should have, been prevented, as they all started with basic methods. This is the stance taken by the EU’s European Network and Information Security Agency (ENISA) in a recent report published on Wednesday.

ENISA says that organizations in the EU need to wake up. The agency examined recent major attacks, which it says are “characterized by old attack methods, being given a new edge because they are being used in a smarter, more targeted way.”

“These targeted attacks follow a common and well-known pattern. Attackers send an apparently genuine email, which is in fact a spear-phishing attempt. The email contains a link to an internet page containing malware, or it contains a maliciously prepared attachment. The malware is able to exploit software vulnerabilities to allow the attacker to gain sufficient control over the target and to start gathering intelligence.”

The gathered intelligence is then used to attack other systems or people within the organization, which leads to the often over-hyped and sensationalized advanced persistent threat (APT). It isn’t that sophisticated attacks don’t happen – they do – but many of them could have been prevented, or at least the damage seriously limited.

“Well known cyber-attack methods, such as spear-phishing, are still very effective. However, much can be done to counter these attacks – by making users aware of traps, and by ensuring that better security measures are in place. In cyberspace, it is difficult to be sure where attacks originate, so the focus should be on preventing and mitigating attacks, regardless of where the attackers are based,” said ENISA’s Executive Director, Professor Udo Helmbrecht, in a statement.

The fact that organizations use anti-virus and anti-spam protections doesn’t guarantee protection, ENISA said, as these layers fail if the attack is persistent. Filters work against large-scale phishing attacks, but smaller, targeted attacks often slip past them unnoticed.

“The attacks discovered recently had gone unnoticed for years probably because attackers were targeting few victims, making sure antivirus companies did not easily spot them,” the report explains, noting that, in reality, the inherent insecurity of email itself is to blame, as it makes it easy for an attacker to spoof someone.

In the short term, encrypted communications can help lessen the impact of targeted attacks, as can other solutions such as DMARC, DKIM, or SPF. In the long term, ENISA said, governments, industry, and businesses need to investigate alternative communication channels.

The full report is available online.  
