Some Countries are Buying Hacking Skills from Cybercrime Groups
Hiring criminal gangs to breach targets has become quite an advantage for nation-states, with the added bonus that it’s harder to trace the attack back to them.
You may think cybercrime is something quite recent and modern, but at the dizzying pace at which everything happens today, it is actually a phenomenon that has already gone through several phases of evolution and development. Countries are buying hacking skills, and this is no longer something to be overlooked. What’s more, hacking is no longer a recreational hobby; it has become a professional business activity, where breaking into the Pentagon’s systems is no longer the challenge, having been replaced by the search for various targets that produce economic benefits.
A team of cybersecurity researchers from BlackBerry warns in their 2021 Threat Report that hackers have become so skilled that countries are buying hacking skills to carry out attacks in an attempt to keep their own involvement hidden.
The emergence, sophistication, and anonymity of crimeware-as-a-service means that nation-states can mask their efforts behind third-party contractors and an almost impenetrable wall of plausible deniability. Attackers can obfuscate their efforts to make it appear as though an attack originated almost anywhere. This makes decisively attributing cyberattacks to known threat actors extremely difficult. Companies should consider adapting by applying Zero Trust networking principles and role-based access controls, not just to users, but also to applications and servers.
The country that ordered the operation receives the information or access it requires from malicious hacking operations, like phishing, malware, or breaching networks, while attackers get paid for their actions. At the same time, since the attack was conducted by cybercriminals who use their own infrastructure and techniques, it’s difficult to connect the activity to the nation-state that ordered the operation.
Cyber analysts point to extensive hacking operations like Bahamut as an example of how sophisticated cybercriminal operations have become in the past few years.
BAHAMUT works hard to cover its tracks, ensuring its activities remain difficult to detect or attribute. It uses tools created by other threat groups (or publicly available alternatives) and keeps its campaigns, network infrastructure, and phishing tools separated. BAHAMUT may obscure its activity by imitating the same TTPs popularized by other threat groups. Backdoors and exploit shellcode written by BAHAMUT often include anti-analysis features. When its activities are detected, the threat group quickly changes tactics and corrects any missteps leading to its exposure.
Researchers from BlackBerry note how the victims’ profiles have become too diverse to be linked to just one actor’s interests, implying that Bahamut is serving different clients, looking for jobs that would make them more money – and when it comes to funding, some nation-states have the most money to spend on conducting campaigns.
So, the client nation-state gains access to hacked networks and sensitive information with a low chance of being linked back to the hacker – which means that it will most likely avoid consequences or criticism for conducting attacks.
Outsourcing cyberespionage efforts might be attractive to disreputable businesses and individuals who lack the required tooling, infrastructure, and experience to conduct an attack themselves. Or, notorious adversaries experienced in cyber espionage could benefit from adding a layer of indirection to their attacks. Using a mercenary as a proxy can protect the identity of the real attacker and thwart attempts at attribution.
Protecting your network from deliberate cyberattacks can be a difficult mission, but, fortunately, there are cybersecurity practices that organizations can implement to help keep their systems safe. Providing remote access to sensitive information only to those who absolutely need it, and constantly examining the network for uncommon and suspicious activities, are among the most effective prevention methods.
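The two defensive ideas the article leaves at the level of principle, role-based access control that covers applications and servers as well as users (from the BlackBerry recommendation above) and watching for uncommon activity (the closing advice), can be made concrete in a small default-deny policy check. The following is an added example written for this page, not code from the article, BlackBerry, or Heimdal; the roles, principals, resources and access attempts are all constructed for illustration. Every identity, human or workload, is modelled the same way, anything not explicitly granted is denied, and the denial log is then examined for principals that repeatedly reach outside their role, which is exactly the kind of unusual activity worth investigating.

```python
from collections import Counter
from dataclasses import dataclass

# Hypothetical policy model (constructed for this example): each role is a set
# of (resource, action) pairs. Anything not listed here is denied by default.
ROLE_PERMISSIONS = {
    "finance-analyst": {("finance-db", "read")},
    "hr-admin": {("hr-db", "read"), ("hr-db", "write")},
    # Service accounts get roles too: RBAC should cover applications and
    # servers, not only people.
    "payroll-service": {("hr-db", "read"), ("finance-db", "read")},
    "backup-agent": {("finance-db", "read"), ("hr-db", "read"),
                     ("backup-store", "write")},
}

# Principal -> roles. Users and workloads are treated identically.
PRINCIPAL_ROLES = {
    "alice@example.com": {"finance-analyst"},
    "bob@example.com": {"hr-admin"},
    "svc-payroll": {"payroll-service"},
    "srv-backup-01": {"backup-agent"},
}


@dataclass
class Decision:
    principal: str
    resource: str
    action: str
    allowed: bool
    reason: str


def authorize(principal: str, resource: str, action: str) -> Decision:
    """Default-deny check: allow only if some role of the principal grants
    exactly this (resource, action) pair."""
    roles = PRINCIPAL_ROLES.get(principal)
    if not roles:
        return Decision(principal, resource, action, False, "unknown principal")
    for role in sorted(roles):
        if (resource, action) in ROLE_PERMISSIONS.get(role, set()):
            return Decision(principal, resource, action, True, f"granted by role {role}")
    return Decision(principal, resource, action, False, "no role grants this access")


def find_suspicious(decisions, deny_threshold: int = 3):
    """Return principals with at least `deny_threshold` denials. Repeated
    attempts to reach resources outside one's role are uncommon activity
    that an analyst should examine."""
    denials = Counter(d.principal for d in decisions if not d.allowed)
    return sorted(p for p, n in denials.items() if n >= deny_threshold)


# Constructed access attempts (not real logs): ordinary use mixed with one
# service identity probing well beyond its role and one unknown host.
SAMPLE_REQUESTS = [
    ("alice@example.com", "finance-db", "read"),
    ("svc-payroll", "hr-db", "read"),
    ("bob@example.com", "hr-db", "write"),
    ("svc-payroll", "hr-db", "write"),
    ("svc-payroll", "backup-store", "write"),
    ("svc-payroll", "finance-db", "write"),
    ("unknown-host", "finance-db", "read"),
]


def evaluate(requests=SAMPLE_REQUESTS):
    """Run every request through the policy and flag principals to examine."""
    decisions = [authorize(*req) for req in requests]
    return decisions, find_suspicious(decisions)


if __name__ == "__main__":
    decisions, flagged = evaluate()
    for d in decisions:
        verdict = "ALLOW" if d.allowed else "DENY "
        print(f"{verdict} {d.principal:18} {d.action:5} {d.resource:13} ({d.reason})")
    print("principals to examine:", flagged)
```

Run as a script, the block prints one line per decision and then the list of principals whose denial count crossed the threshold; here only `svc-payroll` is flagged, because a single failed attempt from an unknown host is denied but not, on its own, a pattern. The threshold and the constructed data are arbitrary; in a real deployment the denials would come from the authorization service's audit log rather than an in-memory list.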