Cybercrime, Cyber Espionage Tactics Converge - Dark Reading

February 24, 2015

Dark Reading, by Kelly Jackson Higgins

To get a sense of just how nation-state attackers are upping their game now, consider this: nearly 80% of phishing emails used in attacks investigated by incident response firm Mandiant last year used IT and security-related topics, or impersonated those departments or antivirus vendors, to lure their victims into opening malware-laden attachments and links.

That's a 34% increase since 2013, says Ryan Kazanciyan, technical director at Mandiant, a FireEye company, which today published its annual M-Trends Report on investigations it conducted on behalf of breached businesses in 2014. "That's a fairly significant jump. This is one of those things with the visibility you have that represents the totality of what's out there," he says of how nation-states are now crafting their phishes.

Even more telling -- and confounding for investigators -- is how nation-states are increasingly trying to mask their activity in compromised organizations' networks by using hacking tools typically associated with cybercriminals. Mandiant says there's an increasing blurring of lines between the typical earmarks of a nation-state attack and a financially motivated cybercrime one. "A larger number of areas are a gray area now," Kazanciyan says. "Attackers are adapting their approach to [use tools used] in cybercrime," for example.

Mandiant points to the so-called Sandworm nation-state group's use of the BlackEnergy Trojan as a key example of this shift. Sandworm, which has ties to Russia, has used BlackEnergy against victims in Ukraine as well as against ICS/SCADA networks. Why BlackEnergy? "Using crimeware toolkits such as BlackEnergy in those efforts may provide those attackers a degree of anonymity and plausible deniability," Mandiant's report says.

Kurt Baumgartner, principal security researcher for Kaspersky Lab's global research and analysis team, has spotted four new BlackEnergy plug-in tools created by the Sandworm attack group. The attackers are basically hiding behind the notorious and pervasive cybercrime malware. If an organization is running a sandbox and spots the BlackEnergy malware, it will assume crimeware, not Sandworm, he says.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
