In Japan, targeted email attacks were first spotted in about 2005, mostly targeting government agencies. They have been around for quite some time now, yet continue to be a real threat. One reason may be that information on how the attacks unfold (what the attackers do) after they manage to infiltrate the target network is not shared among the relevant parties, which impedes efforts to implement effective countermeasures.
Based on interviews with the relevant organizations and analysis of actual incidents, this guide presents a full picture of targeted email attacks and the points to consider when implementing measures against them.
IPA has broken down a targeted email attack into seven phases and formulated ten system design measures based on an analysis of the attacker's goal and the characteristics and patterns observed in the attack at each phase. The guide focuses on how the attacker explores and infiltrates deeper within the internal system, which has been outside the scope of traditional security measures, and explains the countermeasures to thwart those actions at the system design level.