In recent years, malicious programmers have created a variety of sophisticated targeted attacks aimed at high-profile or high-level entities, such as governments, corporations, political organizations, defense contractors, or the like. In many cases, the goal of such targeted attacks is to gain access to highly sensitive or confidential information, such as financial information, defense-related information, and/or intellectual property (e.g., source code), and/or to simply disrupt an entity's operations.
Many such attacks involve sending a targeted entity emails containing an attachment that has been carefully crafted to take advantage of an as-yet-undiscovered vulnerability of a particular application (commonly known as a “zero-day” exploit). Because many security software companies attempt to combat malware by creating and deploying malware signatures (e.g., hashes) that uniquely identify known malware, this type of targeted attack (commonly known as a “spear phishing” attack) is often difficult for traditional security software to detect and/or neutralize, since the exploits in question have yet to be publicly discovered.
Because targeted attacks may be difficult for traditional security systems to automatically detect and remediate, the attention of system administrators can be vital to identifying and/or responding to a targeted attack. However, some attackers have begun to use decoy attacks, such as distributed denial-of-service attacks, to distract system administrators while a targeted attack takes place, thereby increasing the likelihood that the targeted attack succeeds.
Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for blocking flanking attacks on computing systems.