Dutch Report Cites Increase in Cyber Espionage
AIVD, the main Dutch intelligence agency, released its annual report on 6 March. According to the report, attempts at digital espionage and online political manipulation in Europe are on the rise both in number and in complexity. Focusing on the Russians as the major player, the report also discusses Chinese cyber espionage. The main targets of both countries included multinational companies, research institutes, and the energy, chemicals, and financials sectors. Source: Fifth Domain
North Korean Hackers May Be Working in Russia
A Japanese newspaper is reporting that a North Korean hacker group relocated from Hong Kong to Vladivostok, Russia to avoid UN and Chinese sanctions. The group is small, with 5-7 members in their 20s and 30s. If this report is true, then among other things the fact that this group is working in Russia would violate UN sanctions prohibiting countries from granting work permits to North Koreans. Source: JapanTimes, 18 Feb 2018
Five-Eyes Intelligence Agencies Pin NotPetya on Russia
Intelligence agencies in the English-speaking countries – U.S., UK, Canada, Australia, and New Zealand – known as the “Five Eyes” for their long-standing intelligence-sharing agreement, have unanimously blamed Russia for the NotPetya ransomware attacks on Ukraine during the summer of 2017. NotPetya included malware that was distributed via an update to an online accounting system. The ransomware was directed at Ukraine, but later spread globally. Source: Bleeping Computer, 18 February 2018
How Long Did It Take to Hack Equifax?
The April 2018 edition of Popular Mechanics includes estimates of the time it took for hackers to steal over 143 million files containing PII (Personally Identifiable Information – Names, Social Security Numbers, etc.) during the Equifax data breach last year. Estimates range from two and one-half days for files averaging 20 kilobytes to 38 days for files up to 250 kilobytes. Smaller file sizes, like one kilobyte, could be exfiltrated for 143 million records in about a day. If encrypted, the smaller files might look like normal traffic, for example, a file being sent to a dropbox account. Smart hackers might spread the attack over a longer period of time and use smaller files to evade detection. Poplular Mechanics, April 2018
Increase in Cryptojacking May Indicate Other Problems
Recent reporting indicates that over 40% of organizations worldwide have detected cryptojacking malware on their networks. Cryptojacking is the illicit use of a network’s computing power to contribute to the mining of cryptocurrencies. It drains power and can cause early degradation of network components. Cryptojacking of websites has been known for a while, but the latest versions of the malware targets network and application servers that can provide greater compute power. Most of the illicit cryptomining is done after business hours. A growing concern is that if a cyber criminal can inject cryptojacking malware into a network, what other types of malware could be injected, and more important, what other vulnerabilities are there on the organization’s network? Computer Weekly, March 2018
New Concern about Iranian Hackers
Cybersecurity experts are warning about the growing sophistication of Iranian hackers who have been seen infiltrating networks of organizations in many sectors including defense industry and energy firms. Symantec noted that an Iranian hacker group dubbed “Chafer” had conducted cyber espionage against several countries in the Middle East and compromised a telecommunications company. The Chafer group has conducted hacks based on the Eternal Blue exploit reportedly stolen from the National Security Agency. Director of National Intelligence Dan Coats alerted Congress on 13 March that the Iranians, Chinese, and North Koreans have all improved their cyber capabilities. Source: The Hill, 11 March 2018
Record Levels of Ransomware Attacks Against Businesses in 2017
Trend Micro reports that Taiwan was hit with “millions” of ransomware attacks last year. They were the worst hit in a global tsunami of ransomware attacks. Companies worldwide lost over $5 billion in ransomware attacks in 2017, a level four times higher than 2016. The WannaCry ransomware alone is thought to have infected over 200,000 computers in 150 countries. Business email compromises were the most frequent attack vector used to insert ransomware into organizational computers. Taipei Times, 10 March 2018
