Real-world cyberthreats: detection of the malicious email and subsequent intrusion can be extremely difficult. Users who spend an extra two seconds hovering over links to verify the actual website will have an advantage over not-so-savvy users.

Author: Habersetzer, Vernon

They're at your doorstep. In fact, they're likely inside your network. You just don't know it yet. Adversaries use several methods to infiltrate company networks and steal data, but there are several equally effective recommendations on detection and prevention.

If a person were to put themselves in the mindset of an adversary, what information would they be after? Intellectual property? Mergers and acquisitions (M&A) details? The latest emails between two executives? Information deemed valuable or essential to a company's competitive advantage may be worth an adversary's time to steal. This is especially the case for organizations in the technology, energy and manufacturing sectors, where stealing research and development (R&D) data is the cheapest and fastest route to manufacturing an equivalent or superior product at a lower price.


Despite not being slick enough to be scripted by Hollywood, email tends to be the favorite attack vector used by adversaries targeting individuals.

Here's how the attack works: The adversary will conduct research regarding the targeted person to determine what kind of email they would expect to receive. Social media can make it very easy for the adversary to learn about the target's interests, organizations with which they are affiliated, people with whom they are connected, etc.

Based on that research, a legitimate-looking email will then be crafted to appear as if it came from a person or organization familiar to the target. The email will likely contain an innocent-looking attachment or Internet link, which will actually contain malicious code that, if opened, will silently establish a line of communication to the target's computer. That line of communication is then used by the adversary to download malicious software to the computer that may allow the adversary to have full access, including keystrokes typed by the target and snapshots of whatever is on the target's screen.

Detection of the malicious email and subsequent intrusion can be extremely difficult, especially if the attack was well thought out. However, users who habitually spend an extra two seconds hovering over Internet links to verify the actual website they will be taken to if they click will have an advantage over not-so-savvy users.

Other common methods of intrusion revolve around vulnerable servers and applications that allow the adversary to compromise a system or data directly from the...
