Font Size Change

HOMEIT Security"The System Design Guide for Thwarting Targeted Email Attacks" Released

PRINT PAGE

IT Security

"The System Design Guide for Thwarting Targeted Email Attacks" Released

Information-technology Promotion Agency,Japan
Last Updated: December 6, 2013
>> Japanese

Targeted email attacks have been posing a serious threat to security worldwide these days. IPA has released the System Design Guide for Thwarting Targeted Email Attacks to provide a full picture and characteristics of targeted email attacks and the countermeasures to thwart the attacks at the system design level.

Overview of the System Design Guide for Thwarting Targeted Email Attacks

In Japan, targeted email attacks were first spotted in about 2005, mostly targeting the government agencies. They have been around for a quite some time now, yet continue to be a real threat. One reason can be because the information of how the attacks unfold (what the attackers do) after they manage to infiltrate the target network is not shared among the relevant parties, which impedes efforts to implement effective countermeasures.
Based on the interviews with the relevant organizations and the analysis of the actual incidents, this guide introduces a full picture of targeted email attacks and the points when implementing the measures against the attacks.

図2.標的型メール攻撃 攻撃シナリオ

IPA has broken down a targeted email attack into seven phases and formulated ten system design measures based on the analysis of the goal of the attacker, characteristics and patterns observed in the attack at each phase. The guide focuses on how the attacker explores and infiltrates deeper within the internal system, which has been out of scope of traditional security measures, and explains the countermeasures to thwart those actions at the system design level.

図1.標的型メール攻撃 攻撃シナリオ

Download the Guide

The System Design Guide for Thwarting Targeted Email Attacks

This guide is a sequel to the Design and Operational Guide to Protect against “Advanced Persistent Threats” and provides the system design measures for an information system against targeted email attacks.

Design and Operational Guide to Protect against "Advanced Persistent Threats"

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: