Don’t Overlook the Connection Between the Federal Hack & Phishing
While the main focus in this week’s sprawling nation-state hacking contretemps has been on who’s been hacked, and when, and what was breached, and why no one caught it, there has been one small but crucial security matter that has gotten lost in the tsunami of trouble: these hackers used authentic credentials to move around inside of systems to do their dirty work. One of the ways that they obtained those authentic credentials to use in the massive federal hack: phishing.
Modern Social Engineering Meets Old-Fashioned Simplicity
Everyone knows that phishing is the number one threat to every cybersecurity plan. An astonishing 90% of incidents that end in a data breach start with a phishing email. Cybercriminals of all stripes from small Dark Web gangs to huge nation-state hacking operations rely on phishing as a major component of any hacking operation because it’s cheap, effective, and garners them big rewards.
That’s why even though the suspected Russian actors involved in this hacking operation were using extremely sophisticated tools and techniques that many experts have never seen before, they didn’t overlook old-fashioned credential theft. They knew that the safest way for them to move around undetected inside their target’s systems and continue making incursions in new directions was to do it using authentic credentials. So they went for a sure thing to do that in this federal hack: phishing.
This has been a tremendous year for phishing with a more than 600% increase in activity due to massive shifts in the way that people are working and living plus the thirst for information and the fear spawned by the global pandemic. But cybercriminals know that no matter how much cybersecurity experts emphasize the value of security awareness and phishing resistance training, 62% of businesses still don’t do enough of it.
In a challenging economy, every company is looking for ways to trim spending, so they’re increasingly choosing to neglect things like training. Security awareness training isn’t sexy. It’s not a quick, shiny fix for a troublesome issue. No one is looking forward to it. Security awareness and phishing resistance training is something that is perpetually viewed as a boring, waste-of-time item that can be cut from the budget to save money – and that’s a huge mistake. Security awareness by sharp-eyed staffers is what exposed this breach now.
Whaling and Spear Phishing Do Massive Damage
Phishing of any sort is dangerous, but the two forms of phishing that were used by the nation-state hackers in this incident are absolutely lethal weapons: spear phishing and whaling. Both methods of attack could quickly net them what they needed to extend their operations without leaving a trace by gaining access to authentic or highly privileged credentials.
Everything about this hacking operation was carefully planned, skillfully executed, and meticulously supported, and the phishing elements were no exception. The nation-state hackers concentrated their phishing attempts into spear phishing and whaling because they had the resources to conduct those operations successfully using information gained in other hacks or from intelligence or Dark Web sources.
They then used those resources to trick employees of the initially affected companies into providing them with authentic credentials through social engineering, using excellent impersonation techniques to convince their targets that the hackers were legitimate employees or executives who needed to add devices, reset passwords or perform other routine tasks. That then enabled the hackers to get their hands on increasingly privileged credentials by carefully exploiting those opportunities when someone took the bait.
Old Problems Need New Solutions
It’s imperative that companies stop overlooking the immense damage that phishing can do to their organization, especially when defending against nation-state hackers. The most commonly used tool of nation-state hackers is ransomware, and the most common delivery system for ransomware is phishing. A robust defense against phishing is vital to secure systems and data in today’s threat landscape.
Don’t Wait Until Nation-State Hackers Knock on Your Door
Nation-state hackers aren’t just a problem for the defense industry or government agencies anymore – they’re also hitting their suppliers and partners, as well as dipping heavily into the private sector. All kinds of businesses in myriad industries are at risk. Throughout the COVID-19 journey to a vaccine, they’ve been striking at hospitals, drugmakers, and now cold storage transportation firms.
These bad actors haven’t just developed new technology that allows them to penetrate defenses more quickly – they’ve also reached into their toolbox to pull out some of the most reliable threats in classic cybercrime, and it’s working. They’ve benefited greatly from using phishing and ransomware to their maximum capacity instead of just as tools that enable them to steal some data. Cybercriminals today are also using those tools to disrupt business operations, slow manufacturing, damage infrastructure, and cause all manner of havoc that they can use to make a profit.
Contact us at Optistar to see how our solutions can help you secure your clients, systems, and data against today’s biggest threats like phishing and nation-state hackers.
– ID Agent