The Tip of the Iceberg

The story of how HBGary Federal’s network was recently hacked, resulting in the leak of numerous emails belonging to the US cyber-security firm’s employees and bosses, has been big news over the last few days.

Leaving the motive as well as the legal and ethical issues to one side, I would like to focus on another aspect of this incident. What we are currently witnessing here is a shift in the cyber-threat landscape.

As I see it, what happened to HBGary almost exactly echoes some of our main predictions for 2011 which we published in December of last year. We predicted that in the near future we would see:

1. The emergence of new organizers of cyber attacks with new aims;
2. Attacks that aim to steal data of absolutely any type;
3. A rise in attacks targeting corporate users.

Of course, those behind the attack on HBGary are not “traditional” cybercriminals and, as far as I can gather, malware was not used. It appears the main tools used by the hackers were vulnerabilities and social engineering techniques.

It’s important to remember that social engineering is always going to be more effective than malicious programs. Human factors can jeopardize any system no matter what level of technological protection it has. Those attacking an organization can achieve so much more with a polite letter than they ever could with the most sophisticated virus.

The HBGary episode is a perfect example of how to organize and carry out a successful attack to steal information. The hackers managed to penetrate the network of an IT security firm that has contracts with government agencies and financial organizations. Anyone with the slightest knowledge of the situation can appreciate the scale and value of the stolen data and the kind of damage it has inflicted on the injured party.

The attack on HBGary only became big news because publicity was the overriding aim of the organizers. It has hit the headlines purely because of the links to WikiLeaks, secret services and so on. However, this is just the tip of the iceberg. Attacks like this are taking place every day and their implications can be far more serious than the HBGary incident.

Once again:
Every day.
Far more serious.

In fact, information about the vast majority of these attacks never makes it into the news at all.
