gATO rEaDiNg - 2012 Maindiant “An Evolving Threat” and Trend-Micro LuckyCat ReDux reports. Great reading for any security geek but most important it’s about the business side of the hack. Take the old smash and grab of financial information and split town, process the financial windfall and party like it’s 2999. Now it’s more beneficial for the criminals to stay inside the victims servers and collect intelligence and espionage. Ok let the gAtO break it down for you, not as a criminal that’s easy, as a state actor I would go after AeroSpace, Energy, Shipping, Military Research, Engineering, India and Tibetan Activist… Wait a minute a India, a Tibetan Activist group, oh yeah you know it’s China but this is to be expected from China. Now the new spin is why would they go into a banks and use advanced persistent threats (APTs) hacks, well as gAtO understands it the Chinese have a shit load of MONEY— follow the money is not only an american thing it’s for every player in the world.
We have to look at the data through 3 different set of eye’s (magnifying glass with gAtO’s old EyE’s) but it’s still the same – Your data (ALL- your little company secrets) needs protection.
Here is the Score-Card your Business — versus – Competition, Government, Criminals, Hacktavist, Economic Espionage, Nuisance Hackers. On top of all this 94% of victims were notified by an external entity that they were hacked. If that doesn’t send chills down every board member in every company in the world, nothing does.
Here you are doing your business and let’s be frank some business well they walk a thin line sometimes like dumping medical and radioactive waste on a beach in New Jersey ( I know Snooki lives there) . IS your company maybe polluting the ground water for a 100 mile radius of the plant. This is not the information that they want hackers, or the press to get a hold of. “Remmember Rudolf Murdock News Hacking Empire- hey hack anyone for a buck”
Protect Customer Data yeah companies and governments want to protect it, but their little illegal/legal stuff companies do like hiding the report of the of shore oil well that just blew up and spilled all kinds of stuff all over the Gulf coast. These are the real thing that keep business people up at night worrying about hackers, it’s plain and simple cover your ass and let’s get that no bid government contract after we pay off the senator and we better encrypt that information…..
Hackers come in all flavors but if you look at the LuckyCat crewz these are very unique. Not only real computer scientist but marketing campaign and project management. They dual tier C&C (Command and Control), they use the victims supply chain to move laterally across trusted networks in order to be more invisible. Invisible takes a new trend here these hacker hide their code in plain site, they used older malware as insertion points sometimes and of course social engineering to gain access.
Bottom line these new hackers- they are business-men, -they are governments, -they are commercial criminals, -they are hacktivist or -they are a lone wolf hacker. Companies are finally getting the message. Protect your data, not just your customer’s data, but all your little secrets because if your online– someone is watching you and these can be a 15 year old kid or a Dual Master degree in computer technology that is unemployed or works for a government. Trust but verify takes on a new meaning now -gAtO oUt
lab notes - The report, which is based on hundreds of advanced threat investigations conducted over the past year, includes analysis, statistics and case studies that highlight how advanced and motivated attackers are stealing sensitive intellectual property and financial assets.
Malware Only Tells Half of the Story Organizations’ investments in malware detection and antivirus capabilities, while effective in detecting characteristics associated with common worms, botnets, and drive-by downloads, do little to help defend against targeted intrusions.
The use of these publicly available tools has added some complexity to identifying threat actors because when organizations identify a piece of publicly available malware they often cleanse the file and — in the process — obscure what could be a larger incident.
It’s unclear why banks wouldn’t already be looking for unusual settlement activity and conducting daily monitoring, but there it is. At any rate, “high-risk” merchants generally handle the dicey and vicey types of online commerce, such as Internet gaming, adult Web sites, rogue anti-virus software sales and online pharmacies. Might be a good idea to keep an extra close eye out for these types of unauthorized charges over the next few days