Trend Labs shares seven techniques for spotting targeted attacks: intrusions tailored to one organisation and built to blend into ordinary corporate email and other business traffic so that they pass as legitimate activity.
QUOTE: Targeted attacks are designed to circumvent existing policies and solutions within the target network, thus making their detection a big challenge. As we’ve stressed in our previous entry about common misconceptions about targeted attacks, there is no one-size-fits-all solution against them; enterprises need to arm themselves with protection that can provide sensors where needed, as well as IT personnel equipped enough to recognize anomalies within the network and to act accordingly.
1. Check for Injected DNS Records
2. Audit Accounts for Failed/Irregular Logins
3. Review Security Warning Messages and Logs
4. Check for Strange Large Files
5. Audit Network Logs for Abnormal Connections
6. Check for Abnormal Protocols
7. Watch for Increased Email Activity and Spikes
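As an added example, not code from the Trend Labs post, the script below runs three of the checks above over constructed log samples: it scans a hosts file for entries that pin domains an attacker would want to redirect (item 1), counts failed logins per account and flags successful logins outside business hours (item 2), and walks a connection log to flag port/protocol mismatches and regular-interval beaconing to a single destination (items 5 and 6). The log line formats, the protected-domain baseline, the thresholds and every sample line are assumptions chosen for illustration.

```python
"""Sample detection checks for targeted-attack indicators.
Added example, not Trend Labs' code.  Log formats, baselines and all
sample data below are constructed for illustration."""
import re
from collections import Counter, defaultdict

# --- 1. Injected DNS records (hosts-file tampering) ----------------------
# Assumption: these names must never appear in the hosts file.  Attackers
# pin AV update servers or proxies to 127.0.0.1 (to kill updates) or to an
# address they control (to intercept traffic).
PROTECTED_DOMAINS = {"update.example-av.com", "corp-proxy.example.internal"}

def find_injected_hosts_entries(hosts_text):
    """Return (name, ip) for every hosts entry that pins a protected domain."""
    hits = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()          # strip comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if name.lower() in PROTECTED_DOMAINS:
                hits.append((name, ip))
    return hits

# --- 2. Failed / irregular logins ---------------------------------------
# Constructed line format: "<date> <time> login ok|failed user=<u> src=<ip>"
AUTH_RE = re.compile(r"^(\S+) (\S+) login (ok|failed) user=(\S+) src=(\S+)$")

def audit_logins(auth_lines, fail_threshold=5, work_hours=(8, 18)):
    """Return ({user: failures >= threshold}, [off-hours successful logins])."""
    failures = Counter()
    off_hours = []
    for line in auth_lines:
        m = AUTH_RE.match(line)
        if not m:
            continue
        date, time, status, user, src = m.groups()
        if status == "failed":
            failures[user] += 1
        elif not (work_hours[0] <= int(time[:2]) < work_hours[1]):
            off_hours.append((user, f"{date} {time}", src))
    brute = {u: n for u, n in failures.items() if n >= fail_threshold}
    return brute, off_hours

# --- 5/6. Abnormal connections and protocols ----------------------------
# Constructed line format: "<epoch> <src> <dst>:<port> <proto>", where
# <proto> is what a protocol-aware sensor identified, not the port's name.
CONN_RE = re.compile(r"^(\d+) (\S+) (\S+):(\d+) (\S+)$")
EXPECTED_PROTO = {80: "http", 443: "tls", 53: "dns", 22: "ssh"}

def audit_connections(conn_lines, beacon_min_hits=4, jitter=2):
    """Return ([port/protocol mismatches], [((src, dst, port), interval)])."""
    mismatches = []
    timeline = defaultdict(list)
    for line in conn_lines:
        m = CONN_RE.match(line)
        if not m:
            continue
        ts, src, dst, port, proto = m.groups()
        port = int(port)
        if port in EXPECTED_PROTO and EXPECTED_PROTO[port] != proto:
            mismatches.append((src, dst, port, proto))   # e.g. cleartext on 443
        timeline[(src, dst, port)].append(int(ts))
    beacons = []
    for key, times in timeline.items():
        if len(times) < beacon_min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter:             # near-constant period
            beacons.append((key, gaps[0]))
    return mismatches, beacons

# --- constructed sample data ---------------------------------------------
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 update.example-av.com   # AV updates silently blackholed
203.0.113.7 corp-proxy.example.internal
"""
SAMPLE_AUTH = (
    ["2024-03-01 09:12:01 login ok user=alice src=10.0.0.5",
     "2024-03-01 09:12:30 login failed user=alice src=10.0.0.5"]
    + [f"2024-03-01 09:1{i}:00 login failed user=bob src=10.0.0.9" for i in range(5)]
    + ["2024-03-01 02:41:10 login ok user=svc_backup src=198.51.100.2"]
)
SAMPLE_CONN = (
    ["1000 10.0.0.5 203.0.113.10:443 tls",
     "1005 10.0.0.9 198.51.100.77:443 http"]          # plaintext HTTP on 443
    + [f"{1000 + 60 * i} 10.0.0.9 198.51.100.77:8080 http" for i in range(5)]
)

if __name__ == "__main__":
    print("hosts tampering:", find_injected_hosts_entries(SAMPLE_HOSTS))
    print("logins:", audit_logins(SAMPLE_AUTH))
    print("connections:", audit_connections(SAMPLE_CONN))
```

The beacon check is deliberately strict (near-constant interval) so it stays readable; real implants add jitter, so in production you would compare the distribution of gaps against a baseline rather than a fixed tolerance, and feed the flagged accounts and destinations into the other checks (a host that beacons and whose user shows off-hours logins deserves a closer look than either signal alone).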