BDO Cyber Threat Insights

8 August 2018

State-backed cyber activity, both espionage and financially motivated crime, dominated our review of the first half of 2018.

Russia and China remain the most prominent cyber actors, operating through both state groups and criminal groups:

  • Russian nation-state groups such as APT28 and APT29. These groups are highly capable and well resourced. In recent years they have increasingly combined espionage with destructive attacks and with disinformation spread through social media platforms and other media outlets.
  • Russian-speaking cyber-criminal groups, of which Cobalt and Carbanak are the most noteworthy. These groups target a wide range of sectors, notably financial and healthcare organizations. A joint international operation arrested an individual suspected of leading these groups in March [1]. Their operations were not disrupted, however: Cobalt ran a large phishing campaign in May [2].
  • Several Chinese campaigns also surfaced during the first half of the year. The two most notable were against Western defense and military targets, serving as a reminder of China’s cyber capabilities and intentions. APT15, a Chinese-affiliated cyber-espionage group, stole sensitive records and information relating to the UK military. Chinese actors also stole over 600 GB of data on submarines and classified weapon systems from a contractor of the U.S. Navy.

In May, an attack on Banco de Chile affected 9,000 computers and corrupted 500 servers while the attackers transferred $10 million out of the bank via the SWIFT system. The attack is currently attributed to North Korea. It is the first publicly known case in which a financially motivated actor targeting a large financial institution carried out a heist in conjunction with a sophisticated, fully realized wiper attack.
This modus operandi will force organizations across all industries to re-evaluate how they detect, respond to and mitigate multi-vector attacks that hit several systems at once. Incident-response plans must also be updated to allow a rapid but orderly shutdown of affected systems, so that the organization can survive the destructive phase of such an attack rather than lose control of it.

Special Recommendations

  1. Prepare for complexity: Criminals are increasingly employing advanced evasion techniques, and tooling of nation-state quality is increasingly used in high-profile attacks. This is likely to spread quickly across industries and countries, making monitoring and detection in your own environment more important than ever.
  2. Be ready for the unexpected: Organizations must do more scenario planning to address unanticipated outcomes during an attack. This is a critical step in establishing defense procedures for multi-vector attacks against several systems, whether simultaneous or staged as an escalation. Reviewing how a ‘kill-switch’ would be implemented for various systems, to be used in the event of a large-scale, sophisticated and destructive attack, is worth serious consideration.
  3. Establish a resource plan: Emergency scenarios are under-budgeted by a factor of three. Many firms cannot, or do not, bring in the right skills and teams quickly enough during an emergency; planning in advance for additional resources is strongly recommended.

Best regards,
BDO Cyber Threat Insights Team

[1] https://securityaffairs.co/wordpress/70675/cyber-crime/carbanak-gang-arrest.html
[2] https://threatpost.com/despite-ringeaders-arrest-cobalt-group-still-active/132306/