Date: 2020-06-10
It has been reported that a hackers-for-hire group dubbed “Dark Basin” has targeted thousands of individuals and hundreds of institutions around the world, including advocacy groups, journalists, elected officials, lawyers, hedge funds and companies, according to the internet watchdog Citizen Lab. Researchers discovered almost 28,000 web pages created by hackers for personalised “spear phishing” attacks designed to steal passwords, according to a report published yesterday.
EXPERTS COMMENTS
Tim Mackey, Principal Security Strategist, Synopsys CyRC
June 10, 2020
Cyber defenders implicitly know that it's the attackers who define the rules for their attacks and that cyber criminal activity is fundamentally a business. Hacking for hire, or cyber-mercenaries, are part of that business landscape and one where targeted attacks are likely to only increase. While Dark Basin is reported to have engaged in spear-phishing attacks, it's important to recognise that organisations engaging in hacking for hire will use whatever combination of techniques meet the scope of the customer contract. It is also equally likely that such groups will implant latent command and control systems within their victims to facilitate either long-running intelligence gathering or to reduce the time for any future targeted attacks. From a defensive cybersecurity posture, minimizing the threat from implanted control systems starts with a robust inventory of what "normal" looks like for all deployed software within the organisation. This includes the mundane like software asset inventories, but also a thorough understanding of what data is collected, processed and retained by the business which then is coupled with a clear understanding of which systems have access to the data and who is authorized to both read and modify it. These are the relationships which cyber-criminals of all stripes attempt to recognise and exploit. They are also the relationships which governance, risk and compliance teams need to know in order to best protect the business from attack.
