It only takes one employee to click on a link to cause a full-blown data breach.
How to stop espionage attemptsĭefending against an attack orchestrated by an APT is no easy feat. It’s obvious that they’re veteran operators, with the knowledge of how to fly under the radar by maximizing their use of operating system features, legitimate tools, or Trojanized versions of legitimate tools,” O’Brien said. “It had all the hallmarks of a classic cyber espionage operation, from the attractive initial lure of a fake job offer, to their ability to obtain credentials, move laterally across the target’s network and ensure that they maintain a persistent presence on the network in order to get the data they’re looking for. This latest attack has highlighted that spear phishing is one of the most powerful tools that threat actors have at their disposal, as an attacker only needs to trick an employee into clicking on a single malicious link or attachment to gain a foothold in the environment.Ī single click on a link or attachment can infect their computer with malware and provide an access point to the network where the attacker can start working to establish lateral movement throughout the network to locate critical data assets that they can steal. We’ve seen Operation Dream Job hit a wide range of sectors at this stage, To protect themselves, organizations should adopt a defense in-depth strategy, using multiple detection, protection, and hardening technologies to mitigate risk at each point of the potential attack chain,” said Dick O’Brien, principal intelligence analyst for the Symantec Threat Hunter Team. “The first thing to say is that espionage operations of this kind can and do target private organizations.
Now with Lazarus using these espionage tactics to steal intellectual property, more attackers are going to start to imitate these techniques to gain access to protected information and regulated data across all sectors. MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.