
ESET reports cyberthreats to Ukraine by Russian APT

Cybersecurity company ESET released its latest APT Activity Report, shedding light on coordinated threats to cybersecurity across the globe for 2022. Advanced Persistent Threats (APTs) are broadly defined as targeted cyberattacks carried out by either a single person or a coordinated team over a long period of time. Typically the objective is to obtain sensitive data from the target, such as intellectual property or financial details, though it can also be a website takeover or even sabotage. The report compiles data from September to December 2022, analyzed by ESET researchers.

[Image: ESET reports on APT threats for the end of 2022.]

Ukraine targeted by new malware from Russian APT Sandworm

During this period, the most notable cyberattack campaigns observed were perpetrated by Russian-aligned APTs targeting Ukraine. The most prominent was an attack by the APT group Sandworm in October targeting an energy sector company in Ukraine. Sandworm used a previously unknown wiper for the attack, malware that deletes all the files on affected hard drives. ESET has named this wiper NikoWiper; it was found to be based on SDelete, Microsoft's command-line utility for secure file deletion.

[Image: Cyberattacks on Ukrainian energy sector linked to Russian-aligned APT Sandworm. Source: Bleeping Computer]

The Sandworm attack against the Ukrainian energy company in October 2022 coincided with Russian military attacks: Russian forces launched missile strikes against energy infrastructure in the same period, suggesting some form of coordination and shared objectives. While ESET does not have evidence of this coordination, its report notes that APT groups are known to be operated by nation-states or state-sponsored threat actors.

More ransomware attacks and spear-phishing campaigns

ESET reports that Sandworm also used ransomware in the same attack, with the final objective appearing to be data loss or destruction. In this case, ransomware is used to lock files on company computers, but Sandworm does not offer a decryption key in exchange for a ransom, as a typical ransomware operation would. More ransomware attacks were observed in this period, with the Prestige ransomware, associated with the Russian-based threat actor IRIDIUM, deployed against logistics companies in Poland and Ukraine. Also in October, ESET discovered, and reported on Twitter, a new .NET ransomware in Ukraine that it named RansomBoggs. Other Russian APTs such as Callisto and Gamaredon were conducting spear-phishing campaigns in Ukraine. These are email or communication-based scams intended to steal credentials or other sensitive information.

[Image: Chinese-based APTs Goblin Panda and Mustang Panda beginning to target European countries. Source: SOCradar]

Chinese-based APTs Target EU and Other Global Cyber Threats

Cyber threats were reported in other parts of the world as well. Chinese-based APT Goblin Panda, which typically targets the United States, has recently begun targeting European countries, a trend also seen in another Chinese APT, Mustang Panda. A Goblin Panda backdoor, named TurboSlate by ESET, was found in a government organisation in the European Union. Similarly, in Switzerland ESET detected a Korplug loader used by Mustang Panda in an energy and engineering organisation. In Iran, the APT POLONIUM has targeted both Iranian companies and their foreign subsidiaries, while the APT MuddyWater has likely compromised a security service provider. Cryptocurrency firms fared no better: North Korean APTs were detected targeting these firms and crypto exchanges globally using old exploits.

For full details on ESET's findings, the APT Activity Report for T3 2022 is available on WeLiveSecurity.

How ethical hacking can improve your security posture

*This article is contributed by Myles Hosford, Head of Security Architecture, ASEAN, AWS*

Cybersecurity professionals see some threat actors or outside parties as the enemy. However, challenging this mindset is important: you can better protect your organization against outside parties if you understand how they think and operate. With this in mind, businesses around the globe have turned to hackers to test security infrastructure and develop stronger, more robust security practices.

Before integrating penetration testing into your security policy, it is important to understand the different types of hackers that exist. Each group has differing motivations, and you must be clear on which of their skills can be used to your organization’s advantage.

Black hat


Black hat hackers are cybercriminals motivated by personal or financial gain. They range from teenage amateurs to experienced individuals or teams with a specific remit. However, over recent years, several high-profile black hat hackers have refocused on using their cyber skills to protect organizations. An example is Kevin Mitnick, aka Condor, who was just sixteen years old when he gained access to a Department of Defense computer. Following this and numerous other hacks, Mitnick spent five and a half years in prison. Upon his release he set up his own company, Mitnick Security Consulting, which now runs penetration tests for clients.

The issue of whether to work with a former black hat hacker is a contentious one. Some, including David Warburton, senior threat evangelist at F5 Networks, believe that hiring ex-hackers is critical to staying ahead of the threat landscape. However, others are concerned about allowing this group access to corporate systems and customer data. The latter group should, however, consider other approaches to working with hackers.

White hat


Often referred to as ethical hackers, white hat hackers are employed by organizations to look for vulnerabilities in security defences. Despite using the same tactics as black hat hackers, this group has permission from the organization, making what they do entirely legal. While they use their knowledge to find ways to break the defences, they then work alongside security teams to fix issues before others discover them.

Many of the biggest organizations in the world, including General Motors and Starbucks, are turning to white hat hackers to help identify fault lines and proactively enhance security posture. White hat hacking can offer an interesting and lucrative career path for people with technical skills. Drawing attention to the important role white hat hackers play can encourage more talented individuals to take a positive path instead of becoming black hat hackers.

Nurturing talent

There are many programmes in place to find, encourage and support the next generation of white hat hackers. An example, supported by AWS, is r00tz Asylum, a conference dedicated to teaching young people how to become white hats. Attendees learn how hackers operate and how cybersecurity experts defend against them. The aim is to encourage people with technical expertise to use it for good in their careers. By equipping aspiring cybersecurity professionals with knowledge and skills, they can bake security into infrastructure from the ground up. AWS's support for r00tz is our chance to give back to the next generation, providing young people who are interested in security with a safe learning environment and access to mentors.

Building on solid foundations


For those responsible for maintaining customer trust and protecting data, an end-to-end approach to security is critical. As we have seen, working with ethical hackers is a powerful way to view security posture from a cybercriminal's perspective in order to identify and tackle vulnerabilities. However, it is also important to remember that security needs to be baked in throughout an organization's infrastructure. This is where partnering with a cloud platform can be beneficial; the best of these are developed to satisfy the needs of the most risk-sensitive organizations. Cloud platforms also offer automated security services, which can proactively manage security assessments, threat detection, and policy management. In so doing, these platforms take on a lot of the heavy lifting for security professionals, including ethical hackers.