Learning About Russian Hackers

Uploaded on 2018-05-11 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

When British and US officials blamed Russian military hackers for last summer’s NotPetya ransomware attack, they were confirming long-held suspicions among western governments that Russia is stepping up its hostile cyber capabilities.

The announcement in February was consistent with the recent rhetoric of political and military leaders in the UK and the US as the two countries turn up the heat on Russia and other state adversaries they hold responsible for a string of aggressive cyber-attacks. 

“I think we have been watching nation states grow steadily more aggressive in their use of cyber capabilities,” says John Hultquist, director of intelligence analysis at FireEye, a cyber security company.

February brought a second Russia-related cyber security controversy. On February 16 an indictment filed by Robert Mueller, the US special counsel who is investigating Russian meddling in the 2016 US Presidential elections, charged 13 individuals and three entities with conducting “information warfare” against America.

The work of the Internet Research Agency, a Saint Petersburg-based company accused of creating fake news and setting up phony US social media accounts to attract online political audiences, may not be a cyber-attack in the strictest sense. However, it fits a broader pattern of online warfare being waged by Russian president Vladimir Putin to disrupt the west and its institutions.

In December, the US and Britain came together to attribute last May’s WannaCry attack to the secretive North Korean regime of Kim Jong Un. Like NotPetya, WannaCry targeted computer operating systems, locking users’ machines unless they paid a ransom. 

The online attack, one of the most virulent yet, hit hundreds of thousands of computers in 150 countries but was most sharply felt in the UK, where a third of the country’s National Health Service trusts were affected. A former US intelligence chief is now citing India and Pakistan as countries raising the threat of international proliferation. “Other countries will soon start copying what the Russians have been doing.”

A recent report from US intelligence sets out the cyber threats faced by western countries. In the briefing document, American spymasters describe cyber threats as the “new normal”.

It criticises Russia and North Korea but also highlights Iran and China as being “sensitive to international political events”, which can influence the level of malicious activity. Greg Sim, chief executive of Glasswall Solutions, a cyber security company, says government and business must embrace innovation to keep up with the changing threat. “The techniques used are easily evading reactive technologies.”

Indeed, businesses need to pay attention as much as countries. A January survey by Kroll, a corporate intelligence company, showed that attacks on companies by random cyber criminals were top of its list of 14 types of incident, accounting for a third of attacks in 2017. 

Aggrieved ex-employees came second (28 per cent) and competitors were ranked third (23 per cent). Attacks by nation states sat in 13th place and accounted for only 10 per cent of cyber hostility.

The question of how to respond to such threats is made all the more pertinent when one considers the US and its allies are battling adversaries who may be armed with cyber tools stolen from American intelligence agencies the NSA and CIA.
According to cyber specialists, both WannaCry and NotPetya were developed from the American cyber espionage tools EternalBlue and DoublePulsar, first leaked by a hacking group called the Shadow Brokers in early 2017.

A report by Crowdstrike, a cyber security technology company, published at the end of February, showed that the volume and intensity of cyber-attacks “hit new highs” in 2017 as the overall level of sophistication experienced a “meteoric rise”. 
The report said there was a blurring of the lines between hostile state attacks and more widespread criminal activity. “If you think about cyber, a lot of the techniques we are seeing were born out of nation-state attacks,” says George Kurz, co-founder and chief executive of Crowdstrike.

The Kroll survey showed that e-crime is the biggest worry for corporate executives. A total of 86 per cent of executives said they had experienced a cyber-attack in the past year. The survey also reported that 36 per cent of companies had been affected by a virus or worm attack, an increase of 3 percentage points since 2016; a third had suffered an email-based phishing attack; 27 per cent had suffered a data breach; and 25 per cent were affected by data deletion.

In the UK, the National Cyber Security Centre, part of the signals intelligence agency GCHQ, has been taking steps to protect public bodies and companies. It has been advising them on how to deal with these lower-level criminal attacks that, it says, “affect the majority of people, the majority of the time”. 

“There is much hyperbole about the capabilities of cyber actors,” says Ian Levy, NCSC’s technical director. “Certainly, some nation states invest huge sums of money and significant highly skilled resources in their cyber programmes and use those for various things that are detrimental to the interests of the UK.

“However, the vast majority of people in the UK will not be directly harmed by these actors,” he says. “They are more likely to fall victim to cyber-crime.”

Financial Times:

You Might Also Read:

Russian Hackers Trying To Infiltrate US Senate:

Australia Points The Finger At Russia For Cyberattacks:

 

« Five Steps To Keeping Your Cloud GDPR Compliant
One A Day: Healthcare Breaches Are A Daily Event »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Foundation for Strategic Research (FRS)

Foundation for Strategic Research (FRS)

The Foundation for Strategic Research is France's main independent think tank on strategic, defense and security issues. Cyber security is covered as part of the study areas.

NetMotion Software

NetMotion Software

NetMotion Software specializes in mobile performance management solutions to manage, secure and support the mobile enterprise.

Menlo Security

Menlo Security

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email.

sic[!]sec

sic[!]sec

sic[!]sec provide products and services for web application security.

GuardKnox

GuardKnox

GuardKnox protects the users of connected vehicles against threats that can endanger their physical safety and the safety of their personal information.

Cyberteq

Cyberteq

Cyberteq is an innovative Information and Communication Technology Consulting Company, enabling it’s customers to take full advantage of the latest technologies in a secure manner.

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

DMARC360

DMARC360

DMARC360 analyzes your email traffic patterns and sources, rapidly deploys email authentication protocols and monitors your email domains with automated recommendations and incident response.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

LANCOM Systems

LANCOM Systems

LANCOM Systems is the leading European manufacturer of secure, reliable and future-proof networking (WAN, LAN, WLAN) and firewall solutions for the public and private sectors.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.

Cybersecurity Elastic Laboratory (CEL)

Cybersecurity Elastic Laboratory (CEL)

CEL specialize in providing top-tier services in vulnerability diagnosis and penetration testing, offering a comprehensive suite of solutions to mitigate cyber risks.

Meta 1st

Meta 1st

Meta 1st are a progressive SAAS enterprise, dedicated to harnessing the power of AI to address the most critical vulnerabilities in the world of cybersecurity: the Human Layer.