What is the difference between state-backed hackers and cybercrime gangs?
March 14, 2017
Organised cybercrime is now as sophisticated as any government-backed hacking group and businesses are losing the fight against both.
Cybercriminal groups are more organised than ever. Many of the most sophisticated groups operate as if they were a legitimate internet software company and they’re rivalling the capabilities of even the most highly drilled state-sponsored hacking group. The distinction between state-sponsored actors and hacking gangs no longer exists.
While nation-states continue to set a high bar for sophisticated cyberattacks, some financial threat actors have caught up to the point where we no longer see the line separating the two,” warns the new 2017 M-Trends report by cybersecurity researchers at FireEye.
“Financial attackers have improved their tactics, techniques, and procedures (TTPs) to the point where they have become difficult to detect and, challenging to investigate and remediate.”
These financial attackers are so focused on their objectives and so skilled and resourced that they’re able to build custom backdoors with a unique configuration for each compromised system.This further increases the resilience of cyberattacks and malware, and makes it harder for even the most advanced forensic techniques to track what has happened when malicious activity is discovered.
The advanced nature of these cybercriminal tactics means that organisations are struggling to keep up with the latest hacking threats, with researchers stating how defensive capabilities have been “slow to evolve and respond”.
Many organisations are still lacking fundamental security controls and capabilities to either prevent breaches or to minimize the damages and consequences of an inevitable compromise
One of the methods cybercriminal actors are using to infiltrate targets is phishing emails which have become almost indistinguishable from a real message as attackers customise their emails to a specific client, location, or employee.
Attackers are even willing to take a hands-on approach with specific victims in order to gain entry to a target network. The report notes instances where hackers have phoned targets in order to help them enable macros in a phishing document, so as to allow malicious payloads to be deployed.