CS Nov-Dec 2020
hacking surge
HACKERS FOR HIRE
HACKER FOR HIRE GROUPS ARE LEAVING A TRAIL OF DESTRUCTION IN THEIR WAKE. THE RIGHT CYBER RESILIENCE STRATEGIES MUST BE PUT IN PLACE TO COUNTERACT THIS GROWING THREAT
According to a report published by internet-watching Citizen Lab, hacker for hire groups are targeting hundreds of thousands of institutions around the world, including advocacy groups, journalists, elected officials, lawyers, hedge funds and companies.

"We give the name 'Dark Basin' to a hack-for-hire organisation that has targeted thousands of individuals and organisations on six continents, including senior politicians, government prosecutors, CEOs, journalists, and human rights defenders," states Citizen Lab. "Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high-profile public events, criminal cases, financial transactions, news stories and advocacy."

In 2017, Citizen Lab was contacted by a journalist who had been targeted with phishing attempts and asked if it would investigate. "We linked the phishing attempts to a custom URL shortener, which the operators used to disguise the phishing links. We subsequently discovered that this shortener was part of a larger network of custom URL shorteners operated by a single group [Dark Basin]. Because the shorteners created URLs with sequential shortcodes, we were able to enumerate them and identify almost 28,000 additional URLs containing email addresses of targets. We used open source intelligence techniques to identify hundreds of targeted individuals and organisations. We later contacted a substantial fraction of them, assembling a global picture of Dark Basin's targeting."

Citizen Lab's investigation yielded several clusters of interest, including two clusters of advocacy organisations in the United States working on climate change and net neutrality. "While we initially thought that Dark Basin might be state-sponsored, the range of targets soon made it clear that Dark Basin was likely a hack-for-hire operation. Dark Basin's targets were often on only one side of a contested legal proceeding, advocacy issue or business deal."
CYBERCRIME EVOLUTION
What this all too clearly demonstrates is that cybercrime has evolved and cybercrime-as-a-service (CAAS) is now a commonplace activity. "Not so long ago, if one wanted to launch a distributed denial of service [DDoS] attack, then one would need to develop the required malware, push the malware out into the web, infect enough computers to create a sufficiently large attack force and then launch the attack against the desired target domain," says Kev Brear, director of consulting - Technology Risk - Xcina Consulting. "This was a time-consuming and labour-intensive process, and it required a fair degree of
computing security Nov/Dec 2020 @CSMagAndAwards www.computingsecurity.co.uk