Here’s our end of November Intelligence update. Don’t forget to tune in a month from now for our 2014 summary and 2015 assessment (alongside a few other surprises…).
In the past month, Cytegic’s CIAC has observed the following events and developments which are either indicators of trends, independent significant issues, or are important enough to inform our customers:
Major Incidents and Trends:
Sony Hacked – Sony Pictures was the victim of one of the most severe cases of corporate hacking, after attackers managed to infiltrate its internal systems and copy a huge amount of sensitive corporate data. The attackers, named GOP, attacked Sony’s internal systems while taking every computer in the network offline. While at first it seemed that the attackers were merely after sensation, leaking unpublished movies, it quickly became clear that they had gone after much more sensitive information, claiming to hold some 100TB of data. The attackers copied corporate data including contracts, financial plans, sales details, employee personal information and even passwords (from a folder literally named “Passwords”).
DDoS Trending – This month it was revealed that several websites supporting the pro-democracy protestors in Hong Kong have been hit with unparalleled DDoS attacks. Some of the attacks reached a never-before-seen scale of 500Mbps, more intense than the infamous Spamhaus 300Gbps attack, which actually slowed the internet worldwide. As we have written in past updates, the scale and intensity of DDoS attacks have been on a constant rise during the past year. Additionally, the ease with which different attackers can now implement high-volume attacks has risen significantly, mainly due to the creation of easy-to-use and free (or cheap) tool-kits. Moreover, cyber-attacks of a political nature have become a standard issue, with DDoS being a significant factor in internal conflicts.
In past updates we have written about the top trends in the cyber-crime realm, and specifically about POS malware and payment card theft. Due to the developments that allow quick and easy monetization of stolen credit card details, financial hackers of different capabilities and means are now capable of attacking, and more prone to attack, companies which hold that data. Alongside large-scale PII theft and banking trojans, this is the top cyber-crime trend of the past year, and we assess it will continue in the near future and into 2015. To emphasize these trends, this month we have witnessed an insider ransom attack at the Israeli Leumi-Card credit-card company and a large-scale credit-card theft at HSBC Turkey. And, no month is complete without a huge POS malware attack – this time the victims are some 100 Staples stores in the US.
Hacktivism continues to be one of the top trending cyber fields, with top attackers being involved in global and internal conflicts. While until recently hacktivism was considered no more than a nuisance, it seems that hacktivists are gaining more and more capabilities and changing objectives and targeted assets along the way. As such, the Syrian Electronic Army returned to its roots by hacking Gigya in order to hack high-profile Western media outlets. And in Turkey, RedHack raised its game by apparently managing to erase $650,000 worth of electricity debt as a protest over agricultural damage.
During this month, Regin, a highly sophisticated espionage tool, was discovered. It had targeted governments, infrastructure operators, businesses, researchers, and private individuals around the world for several years. Among its most prevalent targets were Saudi Arabia and Iran, and researchers are claiming that the espionage kit seems to have been developed by a Western intelligence agency. Regin is one of the most sophisticated back-door Trojans ever discovered. It is a customizable and powerful framework that allows its handlers to target specific organizations with advanced, stealthy, multi-stage attacks. This campaign emphasizes the constant rise in the sophistication levels of intelligence-gathering malware, whether by nation-states or rogue espionage groups.
As always, if you’d like to receive the full copy of our monthly intelligence update please contact us at: firstname.lastname@example.org