
Step aside, James Bond: Cyber espionage on the rise

  • Posted on: August 9, 2016
  • Posted in: Industry News, Security
  • Posted by: Christopher Budd (Global Threat Communications)
What happens when the government is the victim of a cyber attack?

It seems that cyber security nightmares keep cropping up. Ransomware and other forms of malware are common threats that are enough of a headache for cyber security managers to deal with. However, another kind of threat has become apparent in recent years, as well: cyber espionage.

Cyber espionage can be characterized as the way hackers and other malicious actors gain access to confidential information stored by government organizations. It is being used as a tool against public entities, and not just the ones leaving themselves open to attack. Perhaps the most famous example of potential cyber espionage is the hack on the U.S. Office of Personnel Management that took place in 2015. The confidential information of more than 21 million current and former government employees was compromised in this attack.

Even the film industry is getting in on the cyber espionage theme. Covert operations often no longer look like James Bond escapades, where an operative physically infiltrates a country and gathers intel via deception and neat gadgets. Instead, it happens behind a computer screen. Recent movies like the new Jason Bourne installment have attempted to tackle this concept, and television shows like Mr. Robot are bringing to light the truth behind hacking into government operations.

Cyber espionage, unfortunately, also takes place in the real world.

Malware in Russia

At the beginning of August, IDG News Service contributor Peter Sayer reported that more than 20 military organizations in Russia suffered malware attacks on their networks and other critical infrastructure. This malware was made specifically for the Russian networks, with each instance adapted to the characteristics of the PC it targeted, but the way it operated pointed to similarities between this attack and others that have been leveled against military operations around the globe.

The malicious software worked by gaining access to these government networks (via an email attachment) and then downloading tools that would do things like monitor network traffic, capture and transmit screenshots, and conduct keylogging activities. Sometimes the malware would even download modules that could record audio and video using the computers' microphones and webcams.

"The range of infected sites suggests that the targets were deliberately selected as part of a cyber-espionage operation," Sayer wrote. "Analysis of the attack showed that filenames, parameters and infection methods used in the malware are similar to those involved in other high-profile cyber-espionage operations around the world."

Russia may have also been the force behind a different cyber attack against the servers of the Democratic National Committee during the July convention in which Hillary Clinton accepted the nomination for president. At this point it's still conjecture, but it's critical to note that government organizations and malicious parties engage in this kind of cyber warfare on a regular basis.

PLATINUM resurfaces, but attacks from Chinese actors dwindling

Elsewhere, Hacker News contributor Mohit Kumar reported that the group of hackers calling themselves PLATINUM found a way to abuse the Hotpatching feature in Windows (which allows machines to apply updates without having to restart) to attack systems without being detected by anti-virus programs.

PLATINUM is an advanced persistent threat group that has used spear-phishing attacks in the past to infiltrate targeted networks, among other nefarious activities. The group has targeted Asian countries since 2009, launching large-scale operations against government organizations, intelligence agencies and telecommunications providers.

"The goal of the attacks doesn't appear to have been immediate financial gain," Kumar wrote. "[R]ather the Platinum APT group is up to a broader economic espionage campaign using stolen information."

Meanwhile, on the home front, things seem to be cooling down as far as the U.S. government is concerned. According to Reuters, the cyber espionage efforts conducted by Chinese parties have decreased in the last few months, after the Chinese government pledged in September to stop supporting these attacks. Whether or not China was actually behind any of these incidents is yet to be determined, but this is another example of the kind of uncertainty cyber espionage brings to the table.

Network protection is necessary

So what can be done to combat attacks like the one leveled against Russia and countless others all across the world? Trend Micro researcher Macky Cruz wrote that securing network infrastructure is a critical step when defending against targeted attacks.

"Network administrators must make it incredibly hard for threat actors to ever gain administrative rights," Cruz wrote. "After all, a user profile that is not allowed to install and run downloaded programs on his system is, conversely, less impacted in our example. This will cause some inconvenience for users and administrators, but the tradeoff in increased security is worthwhile."

In other words, network security is paramount in this world of cyber espionage and targeted attacks. Public and private organizations alike need to make sure they are taking the proper steps to secure their networks and infrastructure so that would-be cyber criminals don't get the upper hand.
