CS Nov-Dec 2020

More documents

Recommendations

Info

hacking surge HACKERS FOR HIRE HACKER FOR HIRE GROUPS ARE LEAVING A TRAIL OF DESTRUCTION IN THEIR WAKE. THE RIGHT CYBER RESILIENCE STRATEGIES MUST BE PUT IN PLACE TO COUNTERACT THIS GROWING THREAT operators used to disguise the phishing links. We subsequently discovered that this shortener was part of a larger network of custom URL shorteners operated by a single group [Dark Basin]. Because the shorteners created URLs with sequential shortcodes, we were able to enumerate them and identify almost 28,000 additional URLs containing email addresses of targets. We used open source intelligence techniques to identify hundreds of targeted individuals and organisations. We later contacted a substantial fraction of them, assembling a global picture of Dark Basin's targeting." Citizen Lab's investigation yielded several clusters of interest, including two clusters of advocacy organisations in the United States working on climate change and net neutrality. "While we initially thought that Dark Basin might be state-sponsored, the range of targets soon made it clear that Dark Basin was likely a hack-for-hire operation. Dark Basin's targets were often on only one side of a contested legal proceeding, advocacy issue or business deal." According to a report published by internet-watching Citizen Lab, hacker for hire groups are targeting hundreds of thousands of institutions around the world, including advocacy groups, journalists, elected officials, lawyers, hedge funds and companies. "We give the name 'Dark Basin' to a hackfor-hire organisation that has targeted thousands of individuals and organisations on six continents, including senior politicians, government prosecutors, CEOs, journalists, and human rights defenders," states Citizen Lab. "Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high-profile public events, criminal cases, financial transactions, news stories and advocacy." In 2017, Citizen Lab was contacted by a journalist who had been targeted with phishing attempts and asked if it would investigate. "We linked the phishing attempts to a custom URL shortener, which the CYBERCRIME EVOLUTION What this all too clearly demonstrates is that cybercrime has evolved and cybercrime-as-aservice (CAAS) is now a commonplace activity. "Not so long ago, if one wanted to launch a distributed denial of service [DDoS] attack, then one would need to develop the required malware, push the malware out into the web, infect enough computers to create a sufficiently large attack force and then launch the attack against the desired target domain," says Kev Brear, director of consulting - Technology Risk - Xcina Consulting. "This was a time-consuming and labour-intensive process, and it required a fair degree of 26 computing security Nov/Dec 2020 @CSMagAndAwards www.computingsecurity.co.uk
hacking surge technical expertise to develop the malware and manage the DDoS attack process." However, the world of technology has 'progressed' and it is entirely possible to purchase a DDoS attack from the 'Dark web'. "One simply has to make contact with one of the numerous vendors of the services and specify the target, the magnitude and duration of the attack, pay the required fee (usually in crypto-currency) and then one sits back and observes as the crime unfolds," he adds. "The DDoS attack will have an associated service level agreement, but quite how the SLA is enforced in the event of a disagreement is currently an opaque area!" This "commoditisation of cybercrime" now extends beyond DDoS attacks, states Brear, and it is possible to purchase ransomware attacks, targeted hacks, bespoke malware, phishing email templates, industrial espionage services, and lists of potential targets for frauds and extortion attempts. "The other consequence of the commoditisation of cybercrime is that traditional criminals can purchase the required technical solutions to combine with their criminal prowess, and produce ever more inventive methods to defraud and attack people and organisations." Action Fraud, the UK's dedicated resource for reporting fraud and cyber-crime, estimated that UK citizens have already lost around £16 million from online scams and frauds in the earlier stages of the UK lockdown. "Also, the illegal takeover, or compromise, of cloudbased email accounts is approaching epidemic proportions and shows no signs of abating anytime soon," Brear warns. "Despite the focus on disruption to business operations created by the Covid-19 crisis, the traditional challenges created by cybercrime have not diminished and organisations need to have in place appropriate protective measures, security response plans and business continuity arrangements to maintain their critical services and functions." What is clear from these findings is that the range of threats that organisations face is increasing and now, more than ever, it's essential that companies have the right cyber resilience strategies in place to counteract this growing threat - which has only been amplified by the coronavirus pandemic and remote working. This is supported by another report, published by cyber security specialist firm Mimecast, titled 'State of Email Security', which has detailed some of threats facing businesses today. The report surveyed 1,025 global IT decision makers. Some of key findings include: 60% of IT professionals surveyed believed it's inevitable or likely they will suffer from an email-borne attack in the coming year 72% of respondents reported an increase in phishing on their organisations and, due to the global pandemic, threat actors are broadly using impersonation and BEC to steal from unsuspecting users. Mimecast has found that impersonation fraud attempts jumped by a staggering 30% from January to April 2020 47% of IT professionals surveyed in the UK say the volume of email-based spoofing of customers, vendors or business partners, using their brand to trick an organisation into giving cybercriminals money, sensitive intellectual property or login credentials has increased over the past year 51% of IT professionals surveyed in the UK say the volume of email-based spoofing of well-known internet brands (Microsoft, PayPal etc), asking employees for money, sensitive intellectual property or login credentials, has increased in the last year. TIMES ARE CHANGING This research comes at a time when organisations across the globe have been forced to adopt remote work policies for employees in response to the coronavirus pandemic. Threat actors have seized this opportunity and evolved the ways they are targeting their victims. Domain-spoofing and email-spoofing have become mainstream attack vectors, according to the report. Nearly half of organisations (49%) surveyed report anticipating an increase in web or email spoofing and brand exploitation in the next 12 months, and it is a rising concern. In fact, 84% of respondents felt concerned about an email domain, web domain, brand exploitation or site spoofing attack. It is critical for organisations to look beyond their email perimeters to determine how cyber threat actors may be using and damaging their brands online. Similar to years past, impersonation attacks, phishing attempts and ransomware continue to be a major problem, according to the research. Seventy-two per cent of report participants said phishing attacks remained flat or increased in the previous 12 months and 74% reported the same of impersonation attacks. This indicates that phishing is potentially becoming more difficult to stop or prevent, due to more advanced tactics such as spear-phishing. Ransomware also continues to wreak havoc, as just over half of respondents (51%) said that ransomware attacks impacted their organisation, citing data loss, downtime, financial loss and loss of reputation or trust among customers. The State of Email Security 2020 report also shines a light on the urgent need for a more cyber-aware workforce. Encouragingly, 97% of the respondents' organisations offered security awareness training at varying frequencies and formats. However, 60% of those surveyed reported having been hit by malicious activity spread from employee to employee, pointing to the fact that the format or frequency of these trainings could be the problem. With frequent, consistent, engaging content that humanises security, security awareness training is an effective way to reduce risk inside the network and organisation. While threat actors are visibly gaining in sophistication and evolving, their tactics in www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2020 computing security 27
Page 1 and 2: Computing Security Secure systems,
Page 3 and 4: comment TIME TO TAKE GDPR UP A GEAR
Page 5 and 6: Pragmatic and experienced risk mana
Page 7 and 8: editor's focus "Well trained staff
Page 9 and 10: health monitoring within the compan
Page 12 and 13: smishing SMISH, SMASH, BASH! A RELA
Page 14 and 15: smishing scams, while the Associati
Page 16 and 17: industry insights THE NEW ORDER IS
Page 18 and 19: mergers & acquisitions HITTING THE
Page 20 and 21: Data privacy BEYOND THE EU-US PRIVA
Page 22 and 23: contact tracing WE HAVE CONTACT THE
Page 24 and 25: contact tracing smartphones in mind
Page 28 and 29: hacking surge Adrian Rowley, Gigamo
Page 30 and 31: threat intelligence APTS AND COVID-
Page 32 and 33: gender inequality TIME TO REBALANCE
Page 34 and 35: gender inequality equates to - and
Page 36: NEW Sensitive Data Discovery and Re

CS Nov-Dec 2020

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?