Iranian Hackers Grow Up - Use Social Networking Sites for a Little Revenge After Stuxnet Lesson
As the Iranian cyber espionage attack called Newscaster is exposed, the power of social engineering again steps into the spotlight. Joe Caruso, founder and CEO/CTO of Global Digital Forensics, discusses the lessons US businesses should take from this type of attack, and the necessity to raise social engineering awareness at every level within an organization to improve cyber security posture.
With over a billion active users monthly from all around the world using the same platform to stay in touch with friends, family and business associates, it’s fair to say Facebook is woven into the fabric of society today. And let’s not sneeze at Twitter’s more than 250 million users, or LinkedIn’s growing army of 300 million plus, according to May 30th statistics posted by The RealTime Report. "But don’t be fooled, it’s not all rainbows and roses; danger lurks everywhere," says Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a recognized leader in cyber security solutions, after a three year cyber espionage campaign dubbed Newscaster was recently exposed by iSight, as reported in this Reuters article on May 29th. “The need to raise awareness on the dangers social networking can pose on any of these high volume social networking platforms keeps becoming more obvious, and hopefully will wake more businesses up to the threat,” added Caruso.
Iranian hackers leveraged appetites for social networking and news credibility for cyber espionage.
As stated in the Reuters article, the Stuxnet cyber attack on the Iranian nuclear program was exposed in June 2010, widely considered to have been a collaborative effort between Israeli and US cyber forces to set back their uranium enrichment plans. "It was an eye opener for the world, especially the Iranians, as to what cyber attackers could accomplish with just 0s and 1s - all without a single shot being fired," said Caruso, "so Iran got busy bolstering their own cyber forces, and apparently had some success. Slowly and methodically they created multiple false personas across social media platforms, created false credibility with a fake news site, and leveraged targeted individuals’ “friends lists” and relationships to muster enough trust to eventually be able to deliver malware for cyber espionage and attack purposes on a personal level, and it happens more than you think."
“Unfortunately, these days it takes high profile events like these to make people take notice and actually think about the threat social engineering poses to their own businesses and livelihoods. But the truth is, this is small potatoes with such a small handful being confirmed as targets and/or victims. The scale it is happening on every day across all these social networking platforms, by everyone from organized cyber crime rings and state sponsored actors, down to the lone wolf hacker just having sick fun, that’s what businesses should really fear. Just one employee falling for the scam can hand the keys to an entire business network to an attacker, and the consequences could range anywhere from a nuisance, to a catastrophic door-closing event. And the motives can be quite diverse, from pure greed, to political “hacktivism,” to revenge or just thrills, so everyone and everyone can be a target.”
When it comes to detecting social engineering scams, knowledge truly is power.
“I feel like I’ve said it at least once for every Facebook user out there, but with what we see on a daily basis, it bears repeating – raising social engineering awareness enterprise wide is probably the most important thing an organization can do to secure their ESI (Electronically Stored Information) and other digital assets. Just about everyone has antivirus solutions running to stop many threats, and many organizations have personnel or vendors at least trying to hold the fort, so a majority of threats are actually thwarted. But the nasty ones, the ones that make punchlines of globally recognized companies and cause smaller business to close up shop every day, a vast majority of those all started with social engineering, typically in the form of a phishing or spear phishing campaign. And recently, boiler room operations that combine old-school phone rooms with evolving cyber attack techniques have been getting increasing play as well. But if everyone in an organization isn’t up to speed on what to watch out for on the social engineering front, and taught ways to better secure themselves, and by extension the organization, it’s all for naught.”
The social engineering awareness two-step, test and teach.
“We’ve been in the cyber security game for a long time, and we know what hackers have done in the past, and how they are evolving today. That’s why we designed our vulnerability assessments and penetration testing with a strong focus on social engineering. We’ll of course identify and help rectify any technology, policy or procedural weaknesses, but we’ll also go the extra step of designing a full scale social engineering attack. We like to use phishing and spear phishing campaigns the most, because they are the vectors that compromise the most networks. When hackers get their hands on the master keys to the network, the sky is the limit for them, and exactly the opposite for the victim. We take great pride in never having failed to breach a network we’ve been hired to test. And we take just as much pride in watching the lessons they learn through the results of the assessment and testing process make them much stronger on their cyber security front going forward. And if a client wishes, we can help in other ways on the training front too.”
Don’t hesitate, it only takes one successful attack to pay a much heftier price than the cost of improving cyber security.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.