Cyber espionage warning: The most advanced hacking groups are getting more ambitious

   

20 Feb 2019

Cyber espionage warning: The most advanced hacking groups are getting more ambitious

The most advanced hacking groups are becoming bolder when conducting campaigns, with the number of organisations targeted by the biggest campaigns rising by almost a third.


A combination of new groups emerging and threat actors developing successful strategies for breaking into networks has seen the average number of organisations targeted by the most active hacking groups rise from 42 between 2015 and 2017 to an average of 55 in 2018.

The figures detailed in Symantec's annual Internet Security Threat Report suggest that the top 20 most prolific hacking groups are targeting more organisations as the attackers gain more confident in their activities.

Groups like Chafer, DragonFly, Gallmaker and others are all conducting highly targeted hacking campaigns as they look to gather intelligence against businesses they think hold valuable information.

Once attackers might have needed the latest zero-days to gain access to corporate networks, but now it's spear-phishing emails laced with malicious content that are most likely to provide attackers with the initial entry they need.

And because these espionage groups are so proficient at what they do, they have well tried-and-tested means of conducting activity once they're inside a network.

"It's like they have steps which they go through, which they know are effective to get into networks, then for lateral movement across networks to get what they want," Orla Cox, director of Symentec's security response unit told ZDNet.

"It makes them more efficient and, for organizations, it makes them harder to spot because a lot of the activity looks like traditional enterprise activity," she added.

In many of the cases detailed in the report, attackers are deploying what Symantec refers to as 'living-off-the-land' tactics: the attackers uses everyday enterprise tools to help them travel across corporate networks and steal data, making the campaigns more difficult to discover.

Not only is the number of targeted campaigns on the rise, but there's a larger variety in the organisations being targeted. Organisations in sectors like utilities, government and financial services have regularly found themselves targets of organised cyber-criminal gangs, but increasingly, these groups are expanding their attacks to new targets.

"Often in the past they'd have a clear focus on one sector, but now we see these campaigns can focus on a wide variety of targets, ranging from telecoms companies, hotels, universities. It's harder to pinpoint exactly what their end goal is," said Cox.

While intelligence gathering remains the key goal of many of these campaigns, some are beginning to expand by also displaying an interest in compromising systems.

This is a particularly worrying trend, because while stealing data in itself is bad enough, attackers with the ability to operate cyber-physical systems could be much worse.

One group Symantec has observed conducting this activity is a hacking operation dubbed Thrip, which expressed particular interest in gaining control of satellite operations — something that could potentially cause major disruption.

In the face of a rise in targeted attacks, governments are increasingly pointing the finger not just at nations but individuals believed to be involved in cyber espionage. For example, the United States named individuals it claims are responsible for conducting cyber attacks: they include citizens of Russia, North Korea, Iran and China. Symantec's report suggests the indictment might disrupt some targeted operations, but it's unlikely that cyber espionage campaigns will be disappearing anytime soon.  

Source: ZDnet

View all News
Loading

Thank you to all our Partners & Sponsors

OFFICIAL GOVERNMENT CYBERSECURITY PARTNER

Dubai Electronic Security Center Logo

Official Smart City Partner

dp

Strategic Sponsors & Partners

Strategic Partner

Strategic AI Partner

Huawei_gisec

Strategic Sponsor


sap

IOT Partner


Vodafone_iotx

 

Strategic Partner


cb

 

Official Digital Partner

etisalat_gisec

Strategic Partner

Strategic Partner

tahaluf

Platinum & Diamond sponsors

Platinum Sponsor

pp

Diamond Sponsor

fe

Gold sponsors


cs
 

gold sponsor


so

know

emailauth
HumanFirewall

thales

Silver sponsors

cf

df

Education Partner

isc2

ras

vf

west

GISEC

GISEC

nedaa

oracle_gisec

crest

Country Partner

India Pavilion Partner

Logo

Thank you to Exhibitors

VIEW MORE EXHIBITORS
 

Thank you to our Media Partners