Hackers Shift From Child’s Play To Serious Business

Cyber-attackers are hitting higher-profile targets for financial gain, for “hacktivist” causes or just for fun

Continued fro page 2

After LulzSec disbanded, Anonymous took up where the group had left off, going after government agencies and defense contractors to punish them for certain activities. Anonymous targeted Booz Allen Hamilton partially for its participation in government surveillance and intelligence-gathering programs. Attackers stole and dumped log-in credentials for 90,000 military employees from the consulting firm.

Anonymous also hit FBI contractors after law enforcement authorities arrested several people suspected of taking part in the group’s DDoS campaigns.

Even though hacktivists are increasingly targeting defense contractors and government agencies, they aren’t the only ones doing so, said Invincea’s Ghosh. These types of cyber-incidents can obscure the fact that these organisations are targeted and routinely compromised by aggressive cyber-campaigns carried out on behalf of nation-states, he added.

Invincea Labs researchers have uncovered and analysed “sophisticated spear-phish” attacks that targeted the defense and intelligence community, which likely had nation-state involvement, Ghosh reported.

These kinds of spear-phishing attacks are on the rise as adversaries target the most inviting vulnerability: human curiosity, Ghosh said. A large percentage of the high-profile breaches disclosed over the past two years—including Night Dragon, Google, RSA Security and Oak Ridge National Labs—engaged some spear-phishing elements, according to Invincea.

An eye-opening experience

While there have always been cyber-criminals, people generally were not aware of what was happening or exactly what was being stolen, said Samuel Lellouche, a senior product line manager at ActivIdentity. He added that, thanks to social networking, mobility, e-banking and cloud services, there’s more and more data “out there to steal,” so there will be increased cyber-activity.

The increase in data breaches and cyber-attacks is also making it easier for organizations to admit that they’ve been hit.

“The hacktivist’s goal is to bring their actions to the public, which is why we hear so much more about these attacks,” Lellouche said. In contrast, cyber-criminals want to stay unnoticed so that they can keep stealing.