Thursday, September 10, 2020 5:15:09 PM

Hacker-for-hire groups profit by commoditizing APT tactics

https://www.scmagazine.com/home/security-news/apts-cyberespionage/newly-exposed-hacker-for-hire-groups-profit-from-the-commoditization-of-apts/


In the span of just over three months, researchers have exposed three mercenary, “hacker-for-hire” groups engaging in industrial espionage and stealing corporate secrets for profit.

Despite using tactics, techniques and procedures that are more typical of a nation-state APT group, these threat actors – Dark Basin, DeathStalker and an unnamed third entity group detailed late last month by Bitdefender – appear to have no government sponsor. Instead, they offer their cyber spying services to the highest bidder, in the form of organizations or individuals who seek intelligence on their business competition or their perceived enemies.

Such mercenary groups have long existed, but this rapid-fire set of discoveries at the very least suggests a possible trend. Might we be witnessing the first wave in a new influx of APT-for-hire groups entering the dark web market, ready to prey on businesses?

In a recent white paper, Bitdefender said this “commoditization of APT groups” is “likely to become the new normal.”

“The fact that more security vendors have started seeing these APT-style tactics and techniques being used suggests that this could be the latest trend and a natural evolution towards APTs-as-a-service,” said white paper co-author Liviu Arsene, global cybersecurity analyst at Bitdefender, in an interview with SC Media. “Just as traditional malware evolved into malware-as-a-service or ransomware evolved into ransomware-as-a-service, it was only a matter of time – and a somewhat natural evolution – before APT hackers would start offering their contract-based services and skills to the highest bidder.”

And if that’s true, companies may not be ready for it – especially smaller ones.

“The real risk is that APT hackers-for-hire will change the way small and mid-sized companies approach security,” said Arsene. “For example, if a small company in real estate or architectural design did not have APTs in their threat model, now there’s a high probability they could be facing APT-style attacks simply because they’re contractors in large projects. The same holds true for any small and mid-sized business, which means that this new APT-as-a-service threat could trigger a wave of changes into how these companies plan and implement security from now on.”

Brandon Hoffman, CISO at Netenrich, believes several factors may be behind the emergence of these latest mercenary hacking entities.

“Most notably is the success these groups have. The more success mercenary groups have the more skilled people will turn to this type of operation,” said Hoffman.

The increased availability of APT-style tools may be another factor. In some cases, the mercenaries might even be state-sponsored actors looking to make an extra buck during their spare time. “We have seen repurposed malware from nation-state activity appear in financially motivated cybercrime, which indicates this moonlighting behavior,” said Hoffman. Other actors, meanwhile, are “strictly financially motivated cybercriminals” who are “simply looking for a new or cleaner way to monetize their skills beyond the traditional methods. This is possibly related to the increased success of anti-fraud and limited cash-out mechanisms available to cybercriminals.”

And finally, we might be encountering more of these mercenary groups for the simple fact that researchers and analysts are getting better at spotting them. “There is a definite level of effort happening in the research world as identification techniques improve and researcher skill increases to expose these groups,” Hoffman added.

Stephen Boyce, principal consultant at the Crypsis Group, agreed, noting that “over the past few years, there has been an increase in open-source intelligence and cyber threat training & certifications, which has given security practitioners new tactics, techniques, & procedures for tracking them down, making their activities more apparent.”

Please see the rest of the article at the above link.
=================================================================
https://www.wavesys.com/malware-protection

What is malware?

Malware is a general name for software that installs on your organization's computers and creates damage. It includes computer viruses, worms, Trojans, spyware, adware, rootkits, Advanced Persistent Threats and more. These malicious programs could be created by a tenacious adversary, or by financially motivated criminals and inserted into your organization's computers. They may lie there undetected for months or secretly do things like log your keystrokes, steal your passwords, harvest your address book, observe where you go on the Internet, report sensitive data to distant servers, or even wipe or encrypt your data. Recent high profile malware attacks on utilities and countries, even, introduced contaminated software reported to alter the working of physical devices, like uranium enrichment centrifuges, oil rig equipment and water pumps. Malware can be introduced through a web download, an email attachment or even a USB external device for networks that are not connected to the internet.

Software can’t always detect malware

The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient 0 that discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strand of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.

A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.

APT's extent seems wider each week. News stories about targeted attacks on organizations appear weekly. Even more stories do not appear, as some malware is not detected for very long periods of time. Some malware described as "cutting edge" has code components that have been available for 3 and 4 years, thus dating their undetected time of life in the wild. With online tools, even a non-technical person can create one easily. And there are more ways than ever for malware to spread: the Internet, personal computing devices, downloads, email, social media sites. Government agencies recognize it as a growing threat. Early detection is the highest priority in this Cyberwar. In 2011 NIST published guidelines for establishing a chain of trust for the basic input/output system (BIOS), which initializes a computer when it boots up. This critical system is one of malware’s more consequential targets and an area specifically protected by Wave Systems in its products and in its thinking.

Wave’s solution: start with the device

If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.

Which other attack vector should you watch? One common vector that is used to attack even the most secure networks is physical devices – connected to USB, FireWire or SD. Our Data Protection Suite AV scanner allows you to block any unscreened device from connecting to any machine in the organization, until it has been scanned for known malware.
==================================================================
https://www.wavesys.com/products/wave-endpoint-monitor

Excerpts:

Key Features:

Easy security compliance
• Comports with NIST guidelines for BIOS integrity

Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows
==================================================================
The Key Feature and features of Wave Endpoint Monitor could save an organization from a disaster as outlined in the above article!!!
==================================================================
https://www.wavesys.com/

https://www.wavesys.com/contact-information