Cybercriminal groups backed by the governments of China, Russia, North Korea and Iran have made 2020 a particularly challenging year for cybersecurity.
According to Dmitry Alperovitch of the non-profit organization Silverado Policy Accelerator and Sandra Joyce of the information security company FireEye, speaking at the RSA 2021 conference, the two most high-profile events of the past year were the cyberattacks on the SolarWinds supply chain and on Microsoft Exchange servers. The first incident “was a traditional espionage operation” directed against foreign governments, especially the United States. The attack is a modernized approach to penetrating “hard-to-find supply chains and stay there for extended periods of time.” The attackers were after specific information and ignored even financial information that could have brought them more profit.
The nature of the SolarWinds incident was in stark contrast to the attack on Microsoft Exchange servers. That highly aggressive tactic left many organizations that were unable to fix the problems quickly vulnerable to subsequent attacks from other groups.
The experts also noted China’s recent cyber activity. Chinese APTs have actively attacked the healthcare and biotechnology sectors, especially vaccine developers and researchers. Another interesting point was the resumption of cybercriminal activity by the PLA (People’s Liberation Army), including the Equifax hack. China has also increased its use of mobile devices to pursue political goals and pressure dissidents at home.
Iran has largely “refrained” from attacking the US in cyberspace throughout the past year. However, Iranian hackers did intervene in the November presidential elections “more aggressively than the Russians.” An example of this was the Proud Boys’ email spoofing campaign, which attempted to intimidate registered Democratic voters.
According to the experts, the North Korean government sponsors cybercrime to finance its projects. Groups such as APT38 regularly attempt to rob banks around the world. Unlike Iran, Russia and China, which often use ready-made tools (for example, Cobalt Strike), North Korea actively develops and uses tools of its own making.
Recently, hackers associated with the Russian Federation have also stepped up their activities, attacking cloud providers and authentication and identification systems to reduce the risk of detection. Another major concern is the criminals' increased focus on critical infrastructure, in particular the transport industry.
Ransomware turned out to be the most dangerous cybersecurity phenomenon. Attackers are increasingly using intimidation to put pressure on their victims, threatening to “publish stolen data or call competitors or customers.” The experts emphasized that the size of ransom demands has risen sharply of late. One example is the recent attempt by REvil operators to demand $50 million from Acer.
Experts suggest that the upcoming Olympic Games in Japan could be targeted by hackers. Attackers can take advantage of the opportunity to “send a message and declare themselves to the whole world.”