The Tip of the Iceberg

The story of how HBGary Federal’s network was recently hacked, resulting in the leak of numerous emails belonging to the US cyber-security firm’s employees and bosses, has been big news over the last few days.

Leaving the motive as well as the legal and ethical issues to one side, I would like to focus on another aspect of this incident. What we are currently witnessing here is a shift in the cyber-threat landscape.

As I see it, what happened to HBGary almost exactly echoes some of our main predictions for 2011 which we published in December of last year. We predicted that in the near future we would see:

1. The emergence of new organizers of cyber attacks with new aims;
2. Attacks that aim to steal data of absolutely any type;
3. A rise in attacks targeting corporate users.

Of course, those behind the attack on HBGary are not “traditional” cybercriminals and, as far as I can gather, malware was not used. It appears the main tools used by the hackers were vulnerabilities and social engineering techniques.

It’s important to remember that social engineering is always going to be more effective than malicious programs. Human factors can jeopardize any system no matter what level of technological protection it has. Those attacking an organization can achieve so much more with a polite letter than they ever could with the most sophisticated virus.

The HBGary episode is a perfect example of how to organize and carry out a successful attack to steal information. The hackers managed to penetrate the network of an IT security firm that has contracts with government agencies and financial organizations. Anyone with the slightest knowledge of the situation can appreciate the scale and value of the stolen data and the kind of damage it has inflicted on the injured party.

The attack on HBGary only became big news because publicity was the overriding aim of the organizers. It has hit the headlines purely because of the links to WikiLeaks, secret services and so on. However, this is just the tip of the iceberg. Attacks like this are taking place every day and their implications can be far more serious than the HBGary incident.

Once again:
Every day.
Far more serious.

In fact, information about the vast majority of these attacks never makes it into the news at all.
