Hackers adapting to government adversaries
The toolkit for modern hacking groups who target governments includes exploiting the cloud and IoT devices to mask their presence and gain access.
A new threat report from Cisco found that hacker are increasingly able to mask their presence and take advantage of security vulnerabilities inherent in two popular technologies -- the cloud and internet-of-things devices -- to gain network access.
The report highlights how malicious actors are using increasingly sophisticated methods to hide and obscure the presence and intent of their actions from government cyber watchdogs.
Some forms of malware are being designed to evade modern security practices that isolate malicious code. Attackers also rely on cloud services like Dropbox and Google Docs to hide in the "noise" of legitimate network traffic.
"Clearly the malware is getting more and more creative," said Dan Kent, chief technology officer for Cisco federal and director of engineering.
As another example, the report points to the 2017 WannaCry attacks, which security researchers have attributed to The Lazarus Group and which Western governments, including the Trump administration, have said were conducted at the behest of North Korea. Though hundreds of thousands of computers were affected, only about 300 people actually paid the ransom, and the attacks yielded surprisingly small earnings, around $143,000. Cisco researchers believe that the "ransomware" aspect of the attacks may have been "merely a smokescreen" to hide the real objective: wiping data.
Dedicated denial of service attacks powered by hijacked IoT devices represent a real and growing threat, particularly reflection and amplification vectors that can exponentially increase the amount of traffic that botnets can direct. Kent said federal agencies tend to have better security procedures around their devices to prevent them from being hijacked, but their public facing websites are vulnerable to DDOS attacks. Additionally, the federal government plays a significant incident response and coordination role for the private sector and state and local governments, where the weaknesses are more pronounced.
"What we've seen is without any type of perimeter anymore and clearly with some of these IoT devices … you don't have the level of security" said Kent. "A lot of these devices get put on the network without IT even knowing until after the fact."