Some elements of the current threat environment are almost random in nature. For example, when a team of hackers releases a new virus or worm, they frequently design it to spread outward in a pattern that cannot be entirely predetermined since it may rely on the contents of victims' contact lists or on the set of people who happen to visit a particular website during a specific window. Other attacks, however, are highly targeted.
There are two main categories of targeted attacks. A managed services model for IT support and services can help to ward off both of them.
Some threats are launched at a particular business or other organization. In these cases, the goal of the hacker is usually to gain access to private information such as proprietary information or customer credit card numbers and expiration dates.
Some hackers cast a wider net and seek to target a particular type of software interface or hardware infrastructure arrangement. This approach relies on known vulnerabilities that exist in a company's systems. Some kinds of browsers or plug-ins, for example, may present the hacker with opportunities to intrude into the network, particularly if the firewall in use is configured weakly or if no firewall is present.
Another common attack vector relies on some form of social engineering to trick someone with access to the network into helping to launch an attack. This can happen, for example, when employees visit certain websites or open attachments in email messages.