Cybercriminals Often Use Social Engineering Techniques
Cybercriminals often use social engineering techniques when hacking an enterprise because the human weakness factor is much easier to penetrate than network weaknesses. Malicious actors often “win” this battle because they are limited by neither time nor motivation. Whereas the typical IT Director goes home at 5 or 6pm, the cybercriminal will work 24 hours a day to accomplish his or her goal. After spending the time and due diligence to research every aspect of the target, they can launch an all-out attack on the human infrastructure that can devastate a company or organization in a matter of minutes. Once the malicious actor has obtained personal information, passwords, remote user accounts and more, they use this information to launch an attack on the target.
State Sponsored Hacking
Over the past several years, state sponsored hacking has dominated the headlines. Whether it’s meddling in elections, global ransomware attacks or Distributed Denial of Service (DDoS) attacks, these examples from recent news articles show how devastating the consequences can be.
The Lazarus Group
The Lazarus Group, also known as Hidden Cobra, is regarded as one of the most destructive hacking collectives on the Internet. It is alleged to be responsible for the devastating 2014 Sony hack, the $81 million Bangladesh Bank heist in 2016, the 2017 WannaCry ransomware attack, DDoS attacks, and the disappearance of over $571 million in cryptocurrency.
$81M Bangladesh Bank Heist
On February 4, 2016, the Lazarus Group allegedly committed what may be one of the largest and most brazen bank heists in history. The hacking collective breached Bangladesh Bank’s systems and stole its credentials for payment transfers. Reports indicate that the FBI suspects the malicious actors may have had inside assistance from bank employee(s). With the payment transfer credentials, the cybercriminals masqueraded as Bangladeshi bank officials and flooded the Federal Reserve Bank of New York with fraudulent money transfer requests totaling $101 million USD. A simple typo held up a transfer request for $20 million USD and raised the alarm. In the end the hacking collective got away with $81 million USD.
Fancy Bear
Fancy Bear (also known as APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM) is a cyber espionage group. Their hacking methods include zero-days, spear phishing, OAuth phishing, and malware. They are alleged to be behind numerous breaches, including the 2016 attacks on the World Anti-Doping Agency (WADA) as well as the spear phishing attacks that led to the breach of the Democratic National Committee (DNC). As reported in Business Insider, 2017 saw Fancy Bear notably increase the sophistication of its cyber attacks with the OAuth phishing campaign that targeted France’s centrist presidential candidate, Emmanuel Macron.
The Dark Overlord
The Dark Overlord is a hacking collective that has claimed responsibility for the database breaches of numerous entities. They initially appeared to focus on medical facilities. As reported by deepdotweb, they first appeared in June 2016 advertising nearly 650,000 records from healthcare organizations on the Real Deal marketplace, a popular hub for stolen data. This was followed just days later by the release of over 9.3 million patient records obtained after hacking a healthcare insurance database. In both of these data dumps, the Dark Overlord sought to extort ransom payments. As reported by Motherboard, the cybercriminal(s) broadened their focus and targeted the family-run business GorillaGlue, stealing 500 GB of research and development materials.
They then set their sights on Hollywood. According to Variety, the cybercriminal(s) breached Larson Studios, a Hollywood-based audio post-production company, and stole titles of numerous movies and TV shows from major studios such as Netflix, ABC, CBS and Disney. The malicious actors demanded a ransom of $50,000 from Larson Studios. Although Larson Studios paid the ransom, the cybercriminals released the popular Netflix show ‘Orange is the New Black’ to a piracy network. It appears that in the case of Larson Studios, two vulnerabilities provided the opening the cybercriminals needed. First, their employees were not sufficiently educated in the importance of computer security. Second, not all of their computers had been updated: the ‘Orange is the New Black’ episodes were on servers running Windows 7. The malicious actors were let in and the data got out.