Errors and small clues left behind by hackers and other types of cyber attackers can reveal a lot about a cyber espionage attack in terms of attribution and providing valuable intelligence on the people behind it, says a Kaspersky Lab senior researcher who is based in Australia.
In an interview given to ANI on the sidelines of the third annual APAC Cyber Security Weekend, held recently in Phuket, Thailand, on the theme “Cyberespionage in APAC: A Real Threat”, Kaspersky’s Senior Security Researcher Noushin Shabab said, “Cyber security researchers examine cyber espionage campaigns by chasing trails of clues and careless mistakes. Once we have all the necessary pieces of the puzzle, we share evidence with fellow experts to be able to know the spies behind an attack, their main objectives and techniques.”
Shabab further said, “All the historic information gathered through investigating targeted attacks helps us discover the truths and the myths of cyber espionage in the Asia Pacific region.”
She listed four key factors that constitute careless mistakes and clues that reveal much about individuals involved in cyber espionage. These were:
• Apparent military connections
• Organisations engaged in undercover threat activity for state security
• Private companies offering intelligence services
• Cyber espionage campaigns that consist of a variety of people with different skilled roles and responsibilities
During her interaction with ANI, she also defined a cyber spy as a person who gets unauthorised access to information and important or relevant documents. Such people could be found in intelligence agencies, in companies living a double life, and in private companies involved with cyber espionage.
Insofar as the social media space is concerned, Shabab said cyber espionage could be conducted through photos or work-related photos; personal or work-related information; the reuse of usernames, passwords and e-mail addresses; and the use of social networks.
On what motivated people to go in for cyber espionage, Shabab listed four factors, which were:
• An arms race between countries
• Pursuit of a political agenda aimed at empowering a government or a company
• Activity aimed at giving the economy a boost
Kaspersky Lab’s researchers have been tracking advanced cyber espionage operations originating in and targeting Asia Pacific countries for the last 10 years, and have undertaken a review of the contribution made by attackers’ careless mistakes.
For example, a threat actor called “Dropping Elephant”, likely operating from India and reported by Kaspersky Lab in July 2016, targeted high-profile diplomatic and economic entities in countries including Australia, China, Bangladesh, Taiwan and more.
Clues revealed traces of three individuals, one of whom carelessly disclosed a personal document that led Kaspersky Lab researchers to find the faces behind “Dropping Elephant”.
Kaspersky Lab also published a report on Naikon APT in 2015. This cyberespionage campaign has been tracking geo-political intelligence in countries around the South China Sea for over half a decade. Later that year, an alleged connection discovered by ThreatConnect researchers showed that a domain name used in Naikon APT was also found across several social media accounts.
These social media accounts carried more than 700 posts and 500 photos which enabled researchers to track down an official’s real location and work address.
In order to protect your personal or business data from cyber attacks, Kaspersky Lab advises the following:
- Implement an advanced, multi-layered security solution that covers all networks, systems and endpoints.
- Educate and train your personnel on social engineering as this method is often used to make a victim open a malicious document or click on an infected link.
- Conduct regular security assessments of the organisation’s IT infrastructure.
- Use Kaspersky’s Threat Intelligence, which tracks cyber attacks, incidents or threats and provides customers with up-to-date relevant information that they are unaware of.