Why targeted attacks remain undetected
Oct 31st, 2012 by Jesper Kråkhede
Some months ago I wrote a post on You3, a model for classifying risks according to how narrowly an attack is targeted. Looking at attacks on banks today, we see that they are far more targeted and that they remain undetected for much longer. The real question is: why are they harder to detect? The obvious answer is that there are far fewer samples of each attack. But in a world where even a single attack should be identified, that ought not to be a problem, yet it still is. The reason is that even if we classify attacks according to You3 and map our security mechanisms accordingly, we still rely on You Have-based monitoring tools and vendor updates: detection that only works once a vendor has collected enough samples to write a signature, which for a targeted attack may never happen. Whenever you identify a You Belong or You Are type of risk, you need to think through how your defence mechanisms, including your logging and analysis systems, should work to capture targeted attacks rather than waiting for a signature that will not come.
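To make the point about You Have-based monitoring concrete, here is an added illustration; it is not code from the original post or from its author. It places a signature-based detector next to two simple behavioural checks that need only your own telemetry, and runs all three over a constructed set of process-start log lines. Every host name, path, hash label and the stand-in "vendor signature feed" is made up for the example, and the "targeted implant" is hypothetical: it stands for a one-off binary that no vendor has a sample of, so no signature can exist for it.

```python
"""Signature-based ("You Have") detection beside two behavioural checks.

Added example, not the original post's code. All hosts, paths and hash
labels below are constructed; the signature feed is a stand-in.
"""
from collections import defaultdict

# Constructed telemetry: one line per process start, "<host>,<image path>,<hash>".
LOG_LINES = [
    r"ws01,C:\Windows\System32\cmd.exe,hash-cmd",
    r"ws01,C:\Program Files\Internet Explorer\iexplore.exe,hash-ie",
    r"ws02,C:\Windows\System32\cmd.exe,hash-cmd",
    r"ws02,C:\Program Files\Internet Explorer\iexplore.exe,hash-ie",
    r"ws03,C:\Windows\System32\cmd.exe,hash-cmd",
    r"ws03,C:\Program Files\Internet Explorer\iexplore.exe,hash-ie",
    # Commodity trojan: hit many victims, so a vendor already has a signature.
    r"ws03,C:\Users\anna\AppData\Local\Temp\update.exe,hash-commodity-trojan",
    r"ws04,C:\Windows\System32\cmd.exe,hash-cmd",
    r"ws04,C:\Program Files\Internet Explorer\iexplore.exe,hash-ie",
    r"ws05,C:\Windows\System32\cmd.exe,hash-cmd",
    r"ws05,C:\Program Files\Internet Explorer\iexplore.exe,hash-ie",
    # Hypothetical one-off implant built for this single target: no vendor sample.
    r"ws05,C:\Users\bo\AppData\Roaming\svchost.exe,hash-targeted-implant",
]

# Constructed stand-in for a vendor signature feed. It can only hold hashes the
# vendor has already collected, so the one-off implant is absent by definition.
KNOWN_BAD_HASHES = {"hash-commodity-trojan"}

# System binary names that have no business running from a user-writable path.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}
SYSTEM_PATH_PREFIX = "c:\\windows\\"


def parse(lines):
    """Turn the CSV-style log lines into event dicts."""
    events = []
    for line in lines:
        host, image, digest = line.split(",")
        events.append({"host": host, "image": image, "hash": digest})
    return events


def signature_detect(events, known_bad):
    """'You Have' detection: flags only what the feed already knows about."""
    return sorted({(e["host"], e["hash"]) for e in events if e["hash"] in known_bad})


def rarity_detect(events, max_hosts=1):
    """Flag hashes seen on at most max_hosts distinct hosts across the fleet.

    This needs complete fleet telemetry rather than a signature feed, and it
    will also surface legitimate rare software (admin tools, one-off builds),
    so hits are leads to triage, not verdicts.
    """
    hosts_by_hash = defaultdict(set)
    for e in events:
        hosts_by_hash[e["hash"]].add(e["host"])
    return sorted(
        (host, digest)
        for digest, hosts in hosts_by_hash.items()
        if len(hosts) <= max_hosts
        for host in hosts
    )


def masquerade_detect(events):
    """Flag a system binary name executing outside the Windows directory."""
    hits = []
    for e in events:
        name = e["image"].rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARY_NAMES and not e["image"].lower().startswith(SYSTEM_PATH_PREFIX):
            hits.append((e["host"], e["image"]))
    return sorted(hits)


def missed_by_signatures(events, known_bad):
    """What the rarity check flags that the signature feed does not."""
    return sorted(set(rarity_detect(events)) - set(signature_detect(events, known_bad)))


if __name__ == "__main__":
    ev = parse(LOG_LINES)
    print("signature  :", signature_detect(ev, KNOWN_BAD_HASHES))
    print("rarity     :", rarity_detect(ev))
    print("masquerade :", masquerade_detect(ev))
    print("sig. missed:", missed_by_signatures(ev, KNOWN_BAD_HASHES))
```

The signature check catches the commodity trojan and nothing else; the rarity and masquerade checks catch the implant on ws05 as well, but only because the log lines carry the host, the full image path and a file hash. That is the practical consequence of the argument above: for You Belong and You Are risks, decide up front which fields your logging must capture and which baselines you will compare them against, because a vendor feed cannot cover an attack the vendor has never seen.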