What’s the difference between opportunistic & targeted attacks? 

There are two main types of cyberattack: opportunistic attacks and targeted attacks. A targeted attack is one where a cybercriminal has a specific target in mind, whereas an opportunistic attack is one where the attack is random. So, how do targeted attacks differ from common opportunistic attacks?

The difference between targeted and opportunistic attacks depends on what the attacker wants and how they intend to achieve their goal. Remember, hackers will only work hard to accomplish their aim if the potential payoff is worth it. Therefore, it’s fundamentally important to ensure that your cybersecurity measures are robust and can keep sensitive data secure at all times.  

Read on to find out the difference between targeted attacks and opportunistic attacks and how to best protect your business against them. 

How do targeted attacks differ from common opportunistic attacks?  

Opportunistic attack   

An opportunistic cyberattack is when a malicious actor has no intended target; they will target anybody or anything to get what they want. It’s pretty much detached from the victim and usually occurs within big business where the stakes are high. For example, if a burglar were to enter a random house, they would take whatever they could get their hands on. It’s not a personal attack; the robbers would just take whatever had value that they could steal within the shortest space of time. Think of an opportunistic cyberattack in a similar way.

Targeted attack  

A targeted cyberattack is when the hacker has a specific target in mind. It’s an intimate, persistent, and precise attack that is usually planned with an intended purpose. In the above burglar scenario, an opportunistic attack would turn into a targeted attack if the burglar had been monitoring a specific homeowner’s movements for several months prior to a robbery. The criminal surveys their victim closely to obtain pin codes to doors or to determine what is of value within the property. They would only pounce once they are sure they have all the information they need to launch their attack. Think of a targeted cyberattack in a similar way.  

5 common causes of both opportunistic and targeted attacks  

When asking how targeted attacks differ from common opportunistic attacks, the intentions behind the two types of attack are clear, but what causes them can be quite similar in nature. The following are the most common causes of both opportunistic and targeted attacks:

Sharing accounts  

It’s extremely important to ensure that each individual employee has their own accounts, logins, and passwords. This not only ensures that you know which member of staff is accessing the company network at any given time, but it also prevents unknown individuals gaining access to accounts and causing widespread damage to the organisation.  

Not changing passwords  

All company passwords should be changed every three months to limit the time a hacker has to infiltrate an account.  

Sharing sensitive data 

Company employees should only share sensitive data with those who need access. Applying the principle of least privilege is key here. More on that to follow.  

Not revoking access to ex-employees 

As soon as a worker has been terminated, all access rights and privileges should be terminated at the same time. The second they leave the company is the second they must leave the network or system.

Not educating staff on phishing or malware attacks 

Failing to educate staff on the horrors of phishing and malware attacks, and on avoiding clicking on any links or downloading unwanted applications, can prove catastrophic to any organisation.
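Three of the causes above (shared accounts, unchanged passwords and access left with ex-employees) can be checked by reconciling an account export against the HR roster. The following is an added example, not part of the original article; the CSV column names and sample rows are constructed assumptions, and the 90-day limit stands in for the article's "every three months".

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the article): an HR roster export and an
# account export from a directory service. Column names are assumptions.
HR_ROSTER = """employee_id,name,status,termination_date
1001,A. Patel,active,
1002,B. Jones,terminated,2024-03-01
1003,C. Smith,active,
"""
ACCOUNTS = """username,employee_id,enabled,password_last_set
apatel,1001,true,2024-02-20
bjones,1002,true,2023-11-15
csmith,1003,true,2023-10-02
frontdesk,,true,2022-06-30
bjones-vpn,1002,false,2023-11-15
"""
MAX_PASSWORD_AGE_DAYS = 90  # the article's "every three months"


def audit_accounts(hr_csv, accounts_csv, today):
    """Return {username: [findings]} for enabled accounts only."""
    roster = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = {}
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot be used to log in
        issues = []
        person = roster.get(acct["employee_id"])
        if person is None:
            # No named owner: shared or orphaned, so activity is unattributable.
            issues.append("no individual owner (shared or orphaned)")
        elif person["status"] == "terminated":
            left = date.fromisoformat(person["termination_date"])
            issues.append(f"owner terminated {(today - left).days} days ago")
        age = (today - date.fromisoformat(acct["password_last_set"])).days
        if age > MAX_PASSWORD_AGE_DAYS:
            issues.append(f"password is {age} days old")
        if issues:
            findings[acct["username"]] = issues
    return findings


if __name__ == "__main__":
    # Run on the Monday after a Friday (2024-03-01) termination.
    for user, issues in audit_accounts(HR_ROSTER, ACCOUNTS, date(2024, 3, 4)).items():
        print(f"{user}: {'; '.join(issues)}")
```

Running a reconciliation like this on a schedule shortens the window in which a leaver's account stays usable.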

How can you prevent an opportunistic attack?  

Opportunistic cyberattacks can be difficult to detect because they often have no warning signs due to being executed spontaneously. Opportunistic attackers simply leverage the situation at hand and take what they can get. This can happen to someone who has recently been terminated by the business. Let’s say they are fired on a Friday and over the weekend they discover they still have access to the company’s computer network or system. Upon this discovery, they take advantage of this gap in security and decide to access the organisation’s services and data. This is a prime opportunistic example. They can also come from the outside via phishing or malware. However, with 98% of organisations vulnerable to insider threats, it’s opportunistic attackers that pose the greatest threat.  

With the above in mind, let’s take a closer look at the steps the National Cyber Security Centre in the UK suggests taking to prevent opportunistic attacks:

  • Boundary firewalls and internet gateways — establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the internet. 
  • Malware protection — establish and maintain malware defences to detect and respond to known malicious code.
  • Patch management — patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs. 
  • Allow listing and execution control — prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives. 
  • Secure configuration — restrict the functionality of every device, operating system and application to the minimum needed for business to function. 
  • Password policy — ensure that an appropriate password policy is in place and followed. 
  • User access control and limit access to resources — include limiting normal users’ execution permissions and enforcing the principle of least privilege. 

How can you prevent a targeted attack? 

The stakes of targeted cyberattacks are much higher than those of opportunistic attacks. Targeted attacks often move above and beyond stealing low-level personal information or money and progress to targeting specific data or information. The tactics used by malicious actors are usually newer and more sophisticated in nature, and involve the exploitation of specific employees.

When dealing with targeted attacks, IT security teams must switch from a security mindset to a defence mindset. Organisations must put in place defensive measures to detect, respond, recover, and protect their networks and assets. Approaches for constant vigilance should be implemented along with leveraging industry standard frameworks and the latest cybersecurity measures to protect the business.  

With the above in mind, let’s take a closer look at the top three steps to take to prevent targeted attacks: 

  • Security monitoring — to identify any unexpected or suspicious activity. 
  • User training education and awareness — staff should understand their role in keeping your organisation secure and report any unusual activity. 
  • Security incident management — put plans in place to deal with an attack, as an effective response will reduce the impact on your business.

How can RiskXchange help? 

RiskXchange is able to protect your business against both opportunistic and targeted cyberattacks. Reduce your organisation’s cyber risk by monitoring, tracking and mitigating risk across your attack surface around the clock, using attack surface management.

Attack Surface Management Benefits 

  • Identify vulnerabilities in your attack surface and mitigate potential risks. 
  • Categorise your digital assets and monitor the attack surface more effectively.
  • Automate your cybersecurity with an easy-to-use platform. 
  • Build an environment for a more secure supply chain.
  • Benefit from robust reporting capabilities, making it easier for security teams to send detailed reports to business stakeholders.  
  • Reduce ongoing compliance costs with a single source of truth, automated compliance data collection and real-time compliance status. 

Attack Surface Management Key Features 

  • Continuous Attack Surface Management 

Continuous 24/7 assessment of your attack surface in real time. 

  • Asset Inventory 

We accurately identify your internet assets across your attack surface and that of your third-party supply chain. 

  • Real-time Alerts 

The platform has a real-time alert system that will alert you about new cyberattacks. 

  • Complete Visibility 

Complete visibility into everything you own, including IP addresses, domains, certificates, and cloud assets.  

  • Security Automation 

Create alerts for new anomalies and automate key cybersecurity risk management functions. 

  • Trace your Digital Footprint 

Monitor all activities taking place in your infrastructure, including your vendor’s. 

  • Extensive Data Sources 

We refresh your data every 24 hours from DNS Records, Netblocks, Domain registrars, Honeypots, Business registration databases and other sources. 

Get in touch with RiskXchange for more on how targeted attacks differ from common opportunistic attacks.