Research Report on IT Security Inoculation
Targeted email attacks, where malware attached emails and the like are sent to specific companies, organizations or individuals, are recently emerging.
A typical tactic of targeted email attacks is as follows: an attack email is sent to a small group of targeted recipients. The subjects and contents of attack emails attract the recipients' attention by indicating relevant topics such as internal business communications, latest news topics, questionnaires, etc., and attempt to induce them to open attached files or clicking on URLs.
As a result, malware such as Trojan horse programs may be activated, or the recipient may be directed to a website that is embedded with such malware. Once the computer is infected by a malware, attacks tend to proceed to attempt to take control of the computer by embedding key-loggers.
Recently, further malicious tactics have been recognized where emails exchanged between companies or within organizations are stolen, and attack emails based on those stolen emails are created to launch very sophisticated attacks.
Damages of targeted email attacks are not publicized widely, however are considered to be serious.
Under such circumstance, JPCERT/CC has investigated the actual situation of targeted attacks and has evaluated inoculation methods. The outcomes were reported each fiscal year as "Research of Targeted Attacks" in 2006, "Research Report on Measures to Deal with Targeted Attacks" in 2007, and "Research Report on IT Security Inoculation" in 2008.
The research has revealed that targeted email attacks do indeed exist and that education and trainings based on inoculation methods prove effective to a certain level.
For further details, please refer to the "Research Report on IT Security Inoculation" (PDF).Signature
The Inoculation Research of fiscal year 2009 was subcontracted to Broad Band Security, Inc. (BBSec).