After a short break, we’re back with our monthly global intelligence update. If you’d like to receive the full update, please get in touch with us.
In the past month, Cytegic’s CIAC has observed the following events and developments, which are either indicators of trends, significant independent issues, or important enough to warrant informing our customers:
PII Theft (Financial Hackers and Data Miners):
We have already labeled Personally Identifiable Information (PII) as the “most sought-after asset of the year”, and August only deepened that claim. This month, some of the largest PII-theft incidents and campaigns to date were revealed, including the highly publicized 1.2 billion password theft. While no two breaches are exactly alike in terms of attack method, attacker or target, the motivation is the same – financial. Financial hackers, whether individuals or organized crime, and data miners understand the high financial value PII has and are targeting it, regardless of the geo-political region or industry. Among the main incidents this month were the South Korea breach, the 1.2 billion password sensation and the Community Health System breach.
Regional Conflicts (Hacktivists, Terrorists and Nation-backed attackers):
As described in our previous updates, in the past year regional conflicts, whether internal or between countries, almost automatically trigger a corresponding cyber-conflict. Such was the case in the clashes between Ukraine and Russia and in the Syrian and Iraqi internal conflicts, and this month the pattern continued in other areas as well. Hacktivists are almost always involved in these cyber-conflicts, and they usually enter the game early. In larger-scale and more severe conflicts, however, we see the involvement of terrorists, nation-states and nation-backed attackers, which naturally employ more sophisticated and powerful attack methods. Among the main incidents this month were Anonymous’ attacks on the Ferguson police, Anonymous’ attacks on the Pakistani government and Operation Protective Edge in Israel.
Financial Crime (Financial Hackers and Organized Crime):
Financial cyber-crime – by individuals, groups or organized crime syndicates – has been expanding rapidly in recent years, targeting more and more sectors in different regions. While an individual or a group of financial hackers usually targets organizations and customers in their own region, organized crime sees cyber-crime as a borderless realm. The two also differ in capabilities, resources and persistence. What binds them is their shared financial motivation and general objective.
In the past month, we have followed several major attacks and breaches, mostly in the US, which indicate two observable trends – attacking banks and financial institutions for money or assets of monetary value; and injecting Point-of-Sale (POS) malware into the stores of retailers and large companies in order to steal credit-card and financial information.
Cyber-Espionage (Nation-States, Nation-backed attackers and Organized Crime):
We see cyber-espionage as being divided into two major fields – political espionage and industrial espionage. What divides them in many cases is the assets and industries targeted, and the focus. This month, we have followed several cyber-espionage campaigns which targeted organizations and companies from a wide variety of regions and industries. Among the main campaigns this month were the Epic Turla APT, the Machete cyber-espionage campaign targeting Latin America, the Norwegian energy firms breach and attacks on the US nuclear regulator.