Cyber Mercenaries

(Stu Sjouwerman @ CyberheistNews) There is an interesting development I thought you should be aware of, and perhaps communicate to the powers that be in your organization.

By now it is well known that organizations get attacked all the time, and 91 percent of the organizations that were recently polled by Kaspersky suffered a successful cyber-attack at least once in the preceding 12-month period, while 9 percent were the victims of Advanced Persistent Threats.

What's new is the increasing rate of businesses turning to cyber mercenaries to penetrate their competitors' networks. Outsourced cybercriminal gangs penetrated networks and exfiltrated terabytes of sensitive information. Other attacks were outright sabotage: malware used to wipe data or block infrastructure operations, or DDoS attacks that shut down a competitor's public-facing websites. A data-wipe example was Saudi Aramco, where 30,000 workstations were completely wiped out by malware this year.

Unfortunately, cybercrime is incredibly innovative; cybercriminals are constantly improving their malware using unconventional approaches. The most recent wave is a so-called encryptor, which spreads both in corporate environments and at home. Once the CryptoLocker malware takes over the workstation, it asks for a $300 ransom to release the files. If this "ransomware" has been able to encrypt the files on a workstation and/or network shares, you had better hope you have a working backup, and then wipe/rebuild that machine.

In 2013 we saw the first instance of targeting full supply chains. An example is discussed in a new research paper (link below) on the discovery of "Icefog", a small but energetic APT group that focuses on targets in South Korea and Japan, hitting the supply chain for Western companies. It's obviously some Chinese operation; it started in 2011 and has increased in size and scope over the last few years.

That's a good example of what are now called cyber mercenaries: small hit-and-run gangs that attack with surgical precision. They appear to know exactly what they need from the victims.

"They come, steal what they want and leave, they are for hire, provide cyber-espionage/cyber-sabotage activities on demand, following the orders of anyone who pays them," said the report. The Icefog targeted attacks rely on spear-phishing e-mails that attempt to trick the victim into opening a malicious attachment or a website. Security Awareness Training is not a nice-to-have these days; it is a must. Link:
http://www.securelist.com/en/downloads/vlpdfs/icefog.pdf

http://active-technologies.com/content/cyber-mercenaries