| dc.description.abstract | In recent years, information and communication technology (ICT) has developed rapidly in Taiwan. However, information security incidents emerge endlessly. Observing the past incidents in general indicate that not only private enterprises are easy to be invaded by hackers, but government organizations are also victims of “targeted attack.” The main purpose of this kind of attacks is stealing sensitive data not by traditional ways of hacking but by attacking weaknesses in human nature combined with “social engineering.” It perfectly utilizes zero-day attack, in connection with weak aspects of human nature, by skillfully attaching malicious files in e-mail and sending to targeted e-mail boxes. When government users are lured to check out the malicious files, they will lose command ability and hackers can successfully achieve the purpose of gradually infiltrating government organizations.
This study took a particular government agency, A, as an example and collected 173 malicious e-mail samples (new/unknown malicious e-mail when attacking) that the agency suffered in 2011 as the basis of analysis. The study, through research design and two analytical processes, extracted deep information and analyzed the information with association rules, and found the attack patterns and characteristics. Furthermore, the study compared the findings with malicious e-mail social engineering exercise in order to improve social engineering exercises and management of malicious e-mail attacks.
This study found that A agency was attacked by targeted attacks that conformed with the characteristics of advanced persistent penetration attacks (APT), and most attacks were malicious e-mail social engineering attacks. Facing such attacks, this study suggested A agency should improve its drill program for preventing malicious electronic social engineering attacks; In addition, the study suggests the agency to carefully inspect its “officers” and “the computers used by the officers” and proposes the active defense concept, MFAR (Monitor, Forensics, Analysis, Record), in order to reduce the opportunities of successful invasion.
| en_US |