Frenemy at the Gates – Hackers Excel at Leveraging Trust
A recent cyber security industry report broke down the evolution of an organized cyber crime group dubbed Black Vine. GDF’s founder discusses some of the themes which were touched on, from zero day exploits to watering hole attacks, and how trust is often used as a weapon of choice by cyber attackers.
On Tuesday, July 28th, Symantec released a security industry whitepaper on The Black Vine cyberespionage group, who are thought to have been behind the attack on Anthem Inc. which resulted in one of the largest data breaches in history. Among the topics covered were zero day exploits, watering hole attacks and spear phishing campaigns.
For Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions and digital forensics services headquartered in New York City, one big thing all these threat vectors have in common is that they leverage trust. “Trust has always been the go-to weapon of choice for cyber criminals. Many users will trust their antivirus scanners without question, but zero-day attacks exploit that trust. Spear phishing campaigns trick users into clicking on a link to a malicious site or opening an infected attachment by sending an email posing as someone they are not, again counting on trust to do the work. The same goes for watering hole attacks, trust is the weapon. In essence, the only thing security personnel can truly trust in is the fact that nothing should be blindly trusted, because doing so will almost always be a strategy that leads to disaster.”
The poisoned well
“Watering hole attacks are an old favorite on the cyber threat landscape. By doing some simple research and figuring out what sites are frequented by the players from the particular industry or organization they want to target, hackers can then focus on compromising less secure peripheral industry sites which will allow them to be used as an ambush spot to quietly deliver a malware payload like a RAT (Remote Access Trojan) to all the unsuspecting industry visitors that simply stopped by for a routine visit, effectively giving them a backdoor into a variety of other targets in the industry they are targeting. Once that’s accomplished, the hackers have their foot in the door to all of those respective networks as well, free to steal, modify and/or corrupt ESI (Electronically Stored Information) at will, or use them as a springboard to attack even more targets. Watering hole attacks are another example of how hackers leverage trust to find success,” says Caruso. “These visitors are not being compromised because they are visiting dubious sites, they are being victimized by visiting sites they should be able to trust, like industry forums, vendor sites and specialized news outlets.”
Zero Day Exploits
“Since stealth is a main ingredient of any successful large-scale cyber attack or espionage campaign, zero-day attacks are one of the most preferred malware delivery vectors due to their near invisibility – because they have not yet been reported, documented and patched. This is the inherent flaw with typical anti-malware solutions,” says Caruso, “they rely on matching a signature, or footprint, against a database of only known threats. Zero-day attacks allow hackers to use the time from when they identify an exploitable flaw in a program’s code to the time it is finally discovered and patched as their window of opportunity, and sometimes that window can cover weeks, months, or more. Some even employ fake security certificates, relying on that ingrained trust factor to have the victim proceed down the dark road they want them to travel.”
There are of course some basic steps everyone should follow to significantly reduce the chances of being the victimized by most forms of malware, and simple but crucial things like raising user awareness enterprise wide can be key to stopping many social engineering attacks like spear phishing, but APTs (Advanced Persistent Threats) and zero-day attacks are often in a different class. They are among the hardest to stop using yesterday’s reactionary approach to IT security. They are the threats that can prove devastatingly destructive and costly to even the most recognized and technologically savvy organizations on the planet. Because while traditional antivirus and anti-malware solutions may do a great job of handling the vast majority of cyber threats businesses face on a daily basis, their radar is simply not designed to handle sophisticated threats like today’s APTs and zero-day exploits. GDF employs both industry-recognized solutions as well as internally developed state-of-the-art proprietary tools and methods designed by veteran cyber security experts that live in the trenches of the cyber battlefield every day and know how hackers work in the real world.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.