Hackers often employ social engineering techniques because the human weakness factor is much easier to penetrate than the network weaknesses. Many times hackers “win” the battle because they are not limited by time or lack of motivation. Whereas the normal IT Director goes home at 5 or 6pm, the hacker will work 24 hours a day to accomplish his/her goal. After they have spent the time and due diligence to research every aspect of the target, they can launch an all-out attack on the human infrastructure that can literally devastate a company or organization in a matter of minutes. Having obtained personal information, passwords, remote user accounts and more, the hacker will then use this information to launch a technology attack on the target. Over the past several years, state-sponsored hacking has dominated the headlines. Here are a few examples from recent news articles that show how easy it is for hackers to implement these attacks and how devastating the consequences can be.
The Lazarus Group
The Lazarus Group is known as one of the most destructive hacking collectives on the Internet. It is alleged to be responsible for the devastating 2014 Sony hack and the $81 million Bangladesh Bank heist, and is also suspected of crafting the 2017 WannaCry ransomware attack.
$81M Bangladesh Bank Heist
On February 4, 2016, The Lazarus Group (unidentified at the time of the attack) committed what may be one of the largest and most brazen bank heists in history. The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers. Reports indicate that the FBI suspects the hackers may have had inside assistance from bank employee(s). With the payment transfer credentials, the hackers masqueraded as Bangladeshi bank officials and flooded the Federal Reserve Bank of New York with fraudulent money transfer requests totaling $101 million USD. A simple typo held up a transfer request for $20 million USD and raised the alarm. In the end the hackers got away with $81 million USD.
Fancy Bear
Fancy Bear (also known as APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM) is a cyber espionage group. Their hacking methods include zero-days, spear phishing, OAuth phishing, and malware. They are alleged to be behind numerous breaches, including the 2016 attacks on the World Anti-Doping Agency (WADA) as well as the spear phishing attacks that led to the breach of the Democratic National Committee (DNC). As reported in Business Insider, 2017 saw Fancy Bear notably increase the sophistication of its cyber attacks with the OAuth phishing campaign that targeted France’s centrist presidential candidate, Emmanuel Macron.
The Dark Overlord
The Dark Overlord is a hacker or group of hackers that have claimed responsibility for the database breaches of numerous entities. They initially appeared to focus on medical facilities. As reported by DeepDotWeb, they first appeared in June 2016 advertising nearly 650,000 records from healthcare organizations on the Real Deal marketplace, a popular hub for stolen data. This was followed up just days later with the release of over 9.3 million patient records from a hacked healthcare insurance database. In both of these data dumps, the hacker(s) sought to extort ransom payments. As reported by Motherboard, the hacker(s) broadened their focus and targeted the family-run business GorillaGlue, stealing 500 GB of research and development materials. They then set their sights on Hollywood. According to Variety, the hacker(s) breached Larson Studios, a Hollywood-based audio post-production company, and stole titles of numerous movies and TV shows from major studios such as Netflix, ABC, CBS and Disney. The hackers demanded a ransom of $50,000 from Larson Studios. Although Larson Studios paid the ransom, the hackers released the popular Netflix show ‘Orange is the New Black’ to a piracy network. It appears that in the case of Larson Studios, two vulnerabilities provided the opening the hacker(s) needed. First, their employees were not sufficiently educated in the importance of computer security. Secondly, not all of their computers had been updated: the ‘Orange is the New Black’ episodes were on servers running Windows 7. The hacker(s) were let in and the data got out.