    A peek inside the cybercriminal’s toolkit

In-depth | By Sunil Gopal | 4 May 2015

[Photo: Sergey Lozhkin]

    In the cyber-espionage thriller Blackhat (2015), Chris Hemsworth plays a computer hacker who is freed from prison to trace a blackhat hacker — someone who breaches computer security with either malicious intent or for personal gain. As often happens, the lines between the real world and the movie world are becoming blurred.

    Indeed, if drive-by downloads, ransomware, distributed denial of service (DDOS) attacks, spear phishing, botnets and advanced persistent threats (APTs) sound like they’re from the trailer of the next Mission: Impossible movie, you could be right.

    According to Sergey Lozhkin, senior researcher at Russian information security firm Kaspersky Lab, today’s James Bond is more likely to be sitting at a keyboard plotting his next move than engaging in furious gun battles across the globe.

    “A small piece of code is way more dangerous than any damage that Bond could do,” Lozhkin says. Today, cyber espionage is the name of the game and it’s usually carried out through advanced persistent threats, continuous and covert hacking processes targeting specific entities using multiple malware tools.

    APTs have increased exponentially in number in the past five years, with a number of high-profile cases that have left governments, corporations and individuals red-faced — and out of pocket. The Carbanak APT attack earlier this year left banks across the world US$1bn poorer. The sophisticated malware used, along with the time, effort and resources ploughed into the project, mean it was more than likely sponsored by a rogue government agency, according to Kaspersky Lab.

    State-sponsored attacks tend to target specific users, as opposed to the mass-distributed e-mails favoured by cybercriminals. State attackers also develop their own malware with specific goals in mind, while ordinary cybercriminals generally attempt to extract specific valuable information such as credit card numbers and passwords en masse.

Nation-state attackers often try to extract as much information as possible from their targets, with the intention of going through it with a fine-tooth comb later.

[Photo: Amin Hasbini]

    The Desert Falcons APT was the first known attack by an Arab group. Kaspersky researcher Amin Hasbini says the company was able to determine that Desert Falcons started work as far back as 2011.

    “They were quite well organised, consisting of 20 to 30 people working in three groups and from three locations. Each group had different targets, with some targeting mobile users, and others corporate and government users,” he says.

    The Desert Falcons APT targeted government, religious, aerospace and military institutions, health organisations, those involved in combating money laundering, media groups, academics, and energy and other utilities.

Hackers were able to infiltrate users in Palestine, Egypt, Israel and elsewhere. They planted a “digital bug” on Windows and Android systems that looked for special intelligence information, recorded audio, and harvested SMS messages, call logs and geolocation information.

    No one is safe from APT attacks, not even the president of the US, says Kaspersky. In 2014, the CozyDuke APT targeted the White House and the US department of state. Attackers were reportedly able to read President Barack Obama’s e-mails.

    Those behind APT attacks tend to seek innovations and blueprints, business plans and budgets from companies, as well as military, space and other information that can be used to create the same products as competitors.

They also look for digital certificates, which are used to sign the malware they create, and to forge virtual credentials and physical access codes. Scientific research results, which reveal the different projects that governments are engaged in, are also a common target.

    Spear phishing
    Another popular method of gaining access to systems is through the use of spear-phishing e-mails. Cybercriminals use social engineering techniques to compel users to respond, with e-mails purporting to be from a tax agency (the South African Revenue Service, for example), a regulator or some other government agency, usually by threatening action against them.

    The missing flight MH370 saw cybercriminals taking advantage, with e-mails requesting “assistance” and “information” sent to various government and emergency organisations. Those keen to provide assistance downloaded malware in attachments without realising it was an attack vector. As a result, relief organisations were compromised.

    Zero-day exploits are also common. Here, attackers take advantage of a vulnerability in an application or operating system, one which developers have not had time to address and patch.

    One way criminals strike is by sending an e-mail alerting users to fix the problem. Other times, they take direct advantage of the vulnerability, hacking into systems.

    A recent example is a vulnerability in the WordPress content management system that allows hackers to hijack websites through a comment that contains malicious JavaScript.
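The comment-based attack described above works because untrusted text reaches the page as live HTML. The following Python snippet is an added illustration (not WordPress code, and not a reproduction of the specific flaw the article refers to): it places a vulnerable comment renderer beside its escaped form so the difference is visible on constructed input. The function and variable names are the example's own.

```python
"""Stored-script risk in user comments: unsafe concatenation beside the escaped form.

Added illustration; the names below (render_comment_unsafe, render_comment_safe,
contains_active_markup, SAMPLE_COMMENT) are assumptions of this example, not from any
real project.
"""
import html

# Constructed sample: a comment body that smuggles a script tag into the page.
SAMPLE_COMMENT = 'Great article! <script>alert("comment")</script>'
SAMPLE_AUTHOR = 'reader <b>one</b>'


def render_comment_unsafe(author: str, body: str) -> str:
    """Vulnerable: raw string concatenation, so any markup in the comment is
    interpreted by every visitor's browser (stored cross-site scripting)."""
    return f"<div class='comment'><b>{author}</b>: {body}</div>"


def render_comment_safe(author: str, body: str) -> str:
    """Hardened: every untrusted field is HTML-escaped before it is written into
    the document, so '<' becomes '&lt;' and the browser shows it as text."""
    return (
        f"<div class='comment'><b>{html.escape(author, quote=True)}</b>: "
        f"{html.escape(body, quote=True)}</div>"
    )


def contains_active_markup(rendered: str) -> bool:
    """Cheap check used for verification: is a live <script> tag still present
    in the rendered output?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("unsafe:", render_comment_unsafe(SAMPLE_AUTHOR, SAMPLE_COMMENT))
    print("safe:  ", render_comment_safe(SAMPLE_AUTHOR, SAMPLE_COMMENT))
```

Escaping at output time is the minimum; real comment systems typically also whitelist a small set of allowed tags and attributes rather than trusting any markup a visitor submits.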

[Photo: Alexander Lebedev]

Distributed denial of service (DDOS) attacks are also commonplace. Here, a banking server, for example, that would usually handle 100 requests per second suddenly receives a million requests, causing the system to malfunction.

This is known as a volumetric attack, in which a huge number of requests is sent.

    Application-level attacks also disorientate the system. “Instead of just saying ‘hi’, it would also shake hands and give a hug all at the same time,” says Alexander Lebedev, head of product intelligence at Kaspersky. This would require more resources and could force a system to shut down. Such shutdowns result in reputational damage to an organisation as well as damage to clients who are unable to pay bills.

There are various online tools — Nemesys and Hulk are two — that can be downloaded to launch DDOS attacks. According to Lebedev, DDOS attacks very often involve the use of “botnets”, or groups of infected machines that are controlled by one person.
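The volumetric attack described above (a server that normally sees 100 requests a second suddenly receiving far more) is something a defender can spot in ordinary access logs. The following Python example is added here and is not from the article or from Kaspersky Lab; it parses constructed combined-format log lines, counts requests per second, and raises an alert when a second exceeds a multiple of the stated 100 requests/second baseline. It also reports how many distinct sources made up the spike, which is the signal that separates one noisy client from a distributed flood such as a botnet. The baseline value, the alert factor and all function names are assumptions of this example.

```python
"""Request-rate spike detection over constructed web-server access logs.

Added example. Assumptions (not from the article): Apache/nginx combined log
format, a fixed baseline of 100 requests/second, and an alert factor of 10x.
"""
import re
from collections import Counter, defaultdict

# Combined log format: client ip, identd, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str):
    """Return the log fields as a dict, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def requests_per_second(lines):
    """Count total requests and per-source requests for every one-second bucket.
    The timestamp string is used as the bucket key directly (second resolution)."""
    totals = Counter()
    per_source = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of failing the whole run
        totals[rec["ts"]] += 1
        per_source[rec["ts"]][rec["ip"]] += 1
    return totals, per_source


def detect_spikes(lines, baseline_rps=100, factor=10):
    """Alert on any second whose request count is >= baseline_rps * factor.
    Each alert carries the distinct-source count and the largest single source's
    share: many sources with tiny shares points to a distributed flood."""
    totals, per_source = requests_per_second(lines)
    alerts = []
    for ts in sorted(totals):
        n = totals[ts]
        if n >= baseline_rps * factor:
            top_ip, top_n = per_source[ts].most_common(1)[0]
            alerts.append({
                "second": ts,
                "requests": n,
                "distinct_sources": len(per_source[ts]),
                "top_source": top_ip,
                "top_source_share": top_n / n,
            })
    return alerts


def make_sample():
    """Constructed sample log: one normal second (80 requests from 20 clients)
    followed by one flood second (3000 requests spread over 250 addresses)."""
    lines = []
    normal_ts = "04/May/2015:10:00:00 +0200"
    for i in range(80):
        lines.append(f'10.0.0.{i % 20 + 1} - - [{normal_ts}] "GET /login HTTP/1.1" 200 512')
    flood_ts = "04/May/2015:10:00:01 +0200"
    for i in range(3000):
        lines.append(f'198.51.100.{i % 250 + 1} - - [{flood_ts}] "GET / HTTP/1.1" 200 512')
    lines.append("this line is garbage and must be ignored")
    return lines


if __name__ == "__main__":
    for alert in detect_spikes(make_sample()):
        print(alert)
```

A fixed baseline is the simplest possible model; in production the baseline would be learned per endpoint and time of day, and the per-source breakdown would feed rate limiting or upstream filtering rather than just an alert.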

    Lebedev says that the underground in which cybercriminals operate uses bitcoins to sell and share services, or even rent a botnet for a criminal network. The price to rent a botnet controlling a thousand devices is just $50/day, according to Kaspersky.

    In an operation with Interpol, the company helped take down the Simda botnet, which had been running since 2009 and which controlled 770 000 devices. The botnet was used to launch attacks on news and media organisations around the world. Lebedev says the average cost to a small business from a botnet attack is $52 000.

    Ransomware
    So-called “ransomware” is another growing problem.

    Five years ago, it mostly involved computer users receiving a message from someone who had compromised their machine and locked it down and demanding a fee to unlock it. IT specialists were nevertheless able to unlock these computers, albeit with some effort.

    Today, says Lozhkin, the situation is very different. “Hackers have developed cryptors that fully encrypt all your data on your hard drive. The IT guys cannot help anymore,” he says.

    The only way to decrypt this data is to pay cybercriminals to obtain a unique key.

    Lozhkin says the most vulnerable targets are small businesses and government organisations that don’t have permanent or fully protected IT systems.

    Users are typically asked to pay the ransom in bitcoins — to avoid detection — and are even directed to websites where they can change money to bitcoins.

    Ransomware offers a huge pay-off. “Malware for ransomware is sold for $5 000. You can go to a botnet owner and gain access to thousands of computers for a minimal price. Income may be up to $25 000/day,” says Lozhkin. Also, cybercriminals do not do everything manually, but have created fully automated systems that decrypt test files and monitor payment. They even use social networks such as Twitter to show clients evidence of decrypted computers once users have paid.

    Is anyone safe?
So, is anyone safe? A popular method of gaining access to users’ computers is by handing out USB sticks or even computer mice that infect a machine once connected. And who has said no to one of those? Most people plug them in without a second’s thought.

    Nevertheless, cyber security is a shared responsibility, says Kaspersky. Governments need to act to protect citizens’ information and vital infrastructure and companies need to protect clients and employees.

    But Kaspersky says the biggest weakness remains the one between the chair and the keyboard. Hackers take advantage of the human factor in developing social engineering methods to gain access to IT systems.

    So, think before you click. Or you might end up in some nasty horror story not thought up in Hollywood.

    • The writer travelled to a Kaspersky Lab conference in Lisbon, Portugal as a guest of the company