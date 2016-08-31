The news is filled with stories on what we assume are targeted attacks. The victimized organizations include Sony, the Office of Personnel Management, Adobe and Home Depot. These occur when an adversary preselects a victim (target) with a specific goal. We often think of these as attempts to steal data (credit card data, health information, company secrets and even personal information from fishing licenses). However, the attacker’s goal can also be service disruption in critical infrastructure, or business disruption (particularly in cases of “hacktivism”).



Targeted attacks require planning. This usually includes a reconnaissance phase, where attackers learn all they can about the target’s IT stack and application layers, or profiles from social media such as Facebook and LinkedIn. Next the attacker may do further probing of the target’s perimeter to determine its security defenses. Once the attacker has identified specific weaknesses, the actual attack can commence against the perimeter, applications, individuals or the supply chain (as in the case of Target).