It seems that cyber security nightmares keep cropping up. Ransomware and other forms of malware are common threats that are enough of a headache for cyber security managers to deal with. However, another kind of threat has become apparent in recent years, as well: cyber espionage.
Cyber espionage can be characterized as the way hackers and other malicious actors gain access to confidential information stored by government organizations. It is being used as a tool against public entities, and not only against those that leave themselves open to attack. Perhaps the most famous example of potential cyber espionage is the hack on the U.S. Office of Personnel Management that took place in 2015. The confidential information of more than 21 million current and former government employees was compromised in this attack.
Even the film industry is getting in on the cyber espionage theme. Covert operations often no longer look like James Bond escapades, where an operative physically infiltrates a country and gathers intel via deception and neat gadgets. Instead, it happens behind a computer screen. Recent movies like the new Jason Bourne installment have attempted to tackle this concept, and television shows like Mr. Robot are bringing to light the truth behind hacking into government operations.
Cyber espionage, unfortunately, also takes place in the real world.
Malware in Russia
At the beginning of August, IDG News Service contributor Peter Sayer reported that more than 20 military organizations in Russia suffered malware attacks on their networks and other critical infrastructure. This malware was made specifically for the Russian networks, with each instance adapted to the characteristics of the individual PC it targeted, but the way it operated pointed to similarities between this attack and others that have been launched against military operations around the globe.
The malicious software worked by gaining access to these government networks (via an email attachment) and then downloading tools that would do things like monitor network traffic, capture and transmit screenshots, and conduct keylogging activities. Sometimes the malware would even download modules that could record audio and video using the computers' microphones and webcams.
"The range of infected sites suggests that the targets were deliberately selected as part of a cyber-espionage operation," Sayer wrote. "Analysis of the attack showed that filenames, parameters and infection methods used in the malware are similar to those involved in other high-profile cyber-espionage operations around the world."
Russia may have also been the force behind a different cyber attack against the servers of the Democratic National Committee during the July convention in which Hillary Clinton accepted the nomination for president. At this point it's still conjecture, but it's critical to note that government organizations and malicious parties engage in this kind of cyber warfare on a regular basis.
PLATINUM resurfaces, but attacks from Chinese actors dwindling
Elsewhere, Hacker News contributor Mohit Kumar reported that the group of hackers calling themselves PLATINUM found a way to abuse the Hotpatching feature in Windows (which allows machines to apply updates without having to restart) to attack systems without being detected by anti-virus programs.
PLATINUM is an advanced persistent threat group that has used spear-phishing attacks in the past to infiltrate targeted networks, among other nefarious activities. The group has targeted Asian countries since 2009, launching large-scale operations against government organizations, intelligence agencies and telecommunications providers.
"The goal of the attacks doesn't appear to have been immediate financial gain," Kumar wrote. "[R]ather the Platinum APT group is up to a broader economic espionage campaign using stolen information."
Meanwhile, on the home front, things seem to be cooling down as far as the U.S. government is concerned. According to Reuters, the cyber espionage efforts conducted by Chinese parties have decreased in the last few months, after the Chinese government pledged in September to stop supporting these attacks. Whether or not China was actually behind any of these incidents is yet to be determined, but this is another example of the kind of uncertainty cyber espionage brings to the table.
Network protection is necessary
So what can be done to combat attacks like the one launched against Russia and countless others all across the world? Trend Micro researcher Macky Cruz wrote that securing network infrastructure is a critical step when defending against targeted attacks.
"Network administrators must make it incredibly hard for threat actors to ever gain administrative rights," Cruz wrote. "After all, a user profile that is not allowed to install and run downloaded programs on his system is, conversely, less impacted in our example. This will cause some inconvenience for users and administrators, but the tradeoff in increased security is worthwhile."
In other words, network security is paramount in this world of cyber espionage and targeted attacks. Public and private organizations alike need to make sure they are taking the proper steps to secure their networks and infrastructure so that would-be cyber criminals don't get the upper hand.