
Why Targeted Attacks Succeed

Bots and BotArmies represent an ideal platform for launching a wide variety of highly profitable targeted attacks. They are exceptionally stealthy. They easily evade signature- or behavior-based defenses, whether across the enterprise or on individual systems. They mimic normal application and service behavior. And they change their core programming as frequently as every 30 minutes, which is far faster than signature-based solutions can update their databases.

Damballa's easy-to-use reports give security and IT staff critical information on targeted attacks that attempt to connect with internal network resources...

BotMasters organize bots into BotArmies. Also called botnets or zombie armies, a BotArmy is a logical grouping of bot-compromised systems, organized around specific command-and-control (CnC) infrastructure. Each BotArmy can contain hundreds of thousands or even millions of bots spanning tens of thousands of networks. A common management and coordination layer links members into an effective, resilient and malicious weapon.

Another challenge lies in the misperception that targeted attacks only affect other enterprises. The reality is that these threats do not differentiate between target and victim, and often perform industrial espionage inside the enterprise while seeking additional external targets.

As well as compromised systems inside the enterprise that try to launch attacks or communicate with unauthorized external controllers.
Of the hundreds of thousands of malware samples in Damballa's Knowledgebase, more than 40% escape detection by antivirus and intrusion detection/intrusion prevention systems. The reason is simple. AV and IDS/IPS are powerful, effective and necessary tools, but they were designed to fight a different type of attack. Targeted attacks are a new type of threat. They change their code and alter their behavior to mimic normal traffic. There are no signatures or other distinctive elements within a bot for AV or IDS/IPS to identify.

Clearly, targeted attacks have changed the game. But fighting targeted attacks such as BotArmies doesn't have to be a losing battle against a constantly moving target. These threats have identifiable constants that can be used against them. They can be defeated, but it takes a very different strategy to make it happen. Damballa has that new approach.