The world of cybercrime is gaining a stronger grip on business. Cybercriminals are becoming smarter, using more advanced techniques and attacking more frequently. Many security experts no longer ask whether a company will be hacked, but when. In order to get a better picture of the current state of affairs, we spoke to John Shier, Senior Security Advisor at Sophos.

It is clear that cybercriminals are becoming increasingly sophisticated and successful. About ten years ago, they worked very opportunistically - for example, by attacking regular consumers via email. Often, thousands of emails would be sent for a ransomware campaign, with the malicious file hidden in a link or an attachment. If a victim fell for the trap, the cybercriminals demanded several hundred euros as ransom. It only takes a few dozen victims for them to earn a lot of money.

While such campaigns still happen, the world of cybercriminality is evolving. Today, a successful campaign can generate millions of dollars for the attacker. Entire communities are affected by attacks. The recent hacks on SolarWinds, Microsoft Exchange Server, JBS, Kaseya and Colonial Pipeline all fit into that mould. To highlight an example: the Colonial Pipeline hack took down the entire oil pipeline network of the largest oil transporter on the east coast of the United States. The victim paid out millions, citizens hoarded fuel and fuel prices rose.

Shier confirms that cybercrime as a whole is professionalizing. This is reflected in the relationships of hacker groups. Carrying out an attack and putting the pieces of the puzzle together is going more and more smoothly, and cooperation between hacker groups and cybercriminals can be crucial to that. In practice, this includes scanning corporate networks for open Internet services in order to get in and resell access to larger ransomware groups. These groups then carry out sophisticated attacks based on their specialism. Such collaboration was apparent in the Colonial Pipeline hack, Shier points out. By relying on an affiliate program, DarkSide (the group behind the campaign) provided hacker tools to cybercriminals. These tools included the infrastructure for payment and code. The 'affiliates', or hackers, performed the work for DarkSide as a third party.

In addition to organized cybercrime, there are so-called nation-state hacking activities. These groups, often sponsored and assisted by a country, frequently focus on gaining access to systems and information of a nation-state. For example, they target a specific government organization or critical infrastructure for geopolitical reasons. “Nation-state hackers have always been very proficient at gaining initial access and ultimately inflicting damage”, Shier says.

Furthermore, certain governments actively use nation-state hackers when they gain access to a company or organization from a hostile country. They ask the hackers to obtain highly classified documents, Shier clarifies. This confidential information can be used by a country to fine-tune political policies. Because of their resources and expertise, hackers are able to find that kind of information. The nation-states themselves go much further than regular cybercriminals. For example, by placing a person in a large company. That’s when it gets really dangerous, as meanwhile, they have access to highly confidential information and connections from the country of origin.

Some obvious nation-states practising the latter are Russia, China, Iran and North Korea. While those countries are dominant, Shier argues that cybercriminals can come and operate from any country. As an example, the Sophos Senior Security Advisor cites the NetWalker ransomware attacks, in which a Canadian was arrested for attacks on Americans.

Shier observes a trend among these nation-state hackers. In Shier’s view, the group is getting better at staying off the radar by disguising themselves as regular cybercriminals. They use the same tooling and tactics, Shier asserts. “By doing so, they try to convey that there is nothing to see and that they are regular cybercriminals.” Detecting nation-states thus becomes more challenging.

Caution

According to Shier, the key for companies and people is to be aware of the risks and changing tactics. “There are no companies that are too small. Don’t think that you don’t have anything of interest to a cybercriminal. If they get into a company that isn’t able to pay millions in ransom, they may find interesting information to resell. Or maybe, in the case of a small company, interesting connections and partners.”