ABSTRACT
For several years, cybercriminals have been using targeted attacks to obtain access inside corporate networks. Recently, two major developments have been observed in this field.

First of all, we are seeing an increased sophistication in the malware types used in these attacks. Ranging from heavy encryption and obfuscation, up to 0-day exploits, at the time of the attack, most malware is undetected by conventional antivirus software.

Secondly, the attackers have started to rely more on personal information that is unwittingly posted on social networks, on a daily basis, by the employees. Building very careful profiles, the attackers are able to identify the people inside your organization that are most likely to fall victim to such advanced social engineering.

Usually, targeted attacks come with serious consequences, as recent public examples have shown. Given the popularity of intellectual property theft and corporate espionage, it is becoming extremely important to implement new, effective security strategies.

This presentation aims to discuss all aspects of targeted attacks and how social networks are playing an important role here. We will explain how to recognize these attacks and we will show how an organization can protect itself against these attacks effectively. A live demo will be included in the presentation to show how such an attack works.

KEY POINTS

• What are the targeted attacks and how dangerous can they be?
• How are social networks and web 2.0 helping cybercriminals to automate their attacks?
• Demo of a targeted attack which combines a 0-day exploit with social engineering
• 7 steps to efficiently protect an organization from targeted attacks
• The future is already here: automation and targeted attacks