![Page 1: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/1.jpg)
![Page 2: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/2.jpg)
Why Targeting Is the Next Big Trend in Attacks
Lance CottrellChief Scientist
Ntrepid Corporation
2
![Page 3: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/3.jpg)
![Page 4: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/4.jpg)
If you got an e-card from your mother on your birthday, with your childhood picture
4
would you open it?
![Page 5: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/5.jpg)
The Fraction of Companies Which Said:
“Targeting is a concern or inevitable”
![Page 6: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/6.jpg)
Most Companies are TargetsQuocira Study
![Page 7: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/7.jpg)
Targeting Big Fish
![Page 8: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/8.jpg)
The Email Threat
» Two Realities:• Masterfully crafted spear
phish will catch almost everyone
• People need to click to work
![Page 9: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/9.jpg)
The Browser is the Biggest ThreatThe Browser is the Biggest Threat
![Page 10: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/10.jpg)
Targeted Attacks
![Page 11: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/11.jpg)
Spear Phishing
![Page 12: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/12.jpg)
Un-targeted Attacks
![Page 13: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/13.jpg)
Targeted
![Page 14: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/14.jpg)
Made you click!
![Page 15: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/15.jpg)
Social Engineering
![Page 16: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/16.jpg)
Not just a Watering Hole
![Page 17: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/17.jpg)
Snipers at the Watering Hole
![Page 18: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/18.jpg)
Do you read news online?
Do you feel at risk?
![Page 19: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/19.jpg)
![Page 20: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/20.jpg)
Waterbug / Turla
![Page 21: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/21.jpg)
Dark Hotel
![Page 22: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/22.jpg)
![Page 23: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/23.jpg)
![Page 24: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/24.jpg)
Stay Below the Radar
![Page 25: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/25.jpg)
![Page 26: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/26.jpg)
![Page 27: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/27.jpg)
![Page 28: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/28.jpg)
Conserves Zero-day Exploits
![Page 29: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/29.jpg)
More Damaging
![Page 30: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/30.jpg)
DNC Emails
![Page 31: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/31.jpg)
Stuxnet
![Page 32: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/32.jpg)
Am I a Target?
» Obvious high profile individuals» Access to valuable data» Access to exploitable data» Access to money» Access to networks» Access to people» Obviously weak defenses
![Page 33: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/33.jpg)
Can We Avoid Targeting?
![Page 34: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/34.jpg)
Email is Really Hard
» No organizational domain» No correspondence with org» Work in full alias
![Page 35: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/35.jpg)
On the Web, Maybe
» Delete cookies» Hide IP address» Scrub persistent trackers» Mask browser fingerprint» Disposable VM with VPN
![Page 36: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/36.jpg)
What does targeting mean for our
defensive strategy?
“Bummer of a birthmark, Hal.”
![Page 37: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/37.jpg)
You can’t train your way out of this
![Page 38: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/38.jpg)
You can’t train your way out of this
You can fool some of the people all of the time
ANDYou can fool all of the people
some of the time
![Page 39: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/39.jpg)
Detection works worst when you
need it most
![Page 40: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/40.jpg)
We need next generation security
![Page 41: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/41.jpg)
Damage Reduction
![Page 42: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/42.jpg)
![Page 43: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/43.jpg)
![Page 44: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/44.jpg)
![Page 45: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/45.jpg)
Isolation
![Page 46: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/46.jpg)
Leverage Virtualization
» Enables isolation» Easy remediation and restoration» Keep them small
![Page 47: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/47.jpg)
Recover…whether or not you detect anything
![Page 48: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/48.jpg)
Keep your boxas empty as possible
![Page 49: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/49.jpg)
Remember
![Page 50: (ISC)2 2016: Why Targeting is the Next Big Trend in Attacks](https://reader035.vdocuments.mx/reader035/viewer/2022070510/58ac507c1a28ab8e258b469d/html5/thumbnails/50.jpg)
To Do…