Russian Hackers Have New Weapons

Uploaded on 2018-11-27 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

The same hacker crew that the US has blamed for the 2016 hack of the Democratic National Committee is back with a new weapon at its disposal, cybersecurity researchers have warned.

The so-called Fancy Bear group, alleged by American intelligence to be an arm of the Russian government, has been spotted launching fresh attacks on the West, just as a closely linked unit, dubbed Cozy Bear, has gone on a mini-espionage rampage.

Fancy Bear has started using new malware called Cannon, cybersecurity company Palo Alto Networks said recently. While new, it uses old techniques. Namely, it’s using email as a way of transferring data from infected targets. 

Those hacked organisations are based in North America, Europe and a former USSR state, Palo Alto Networks researchers said, without revealing more specifics.

The Russian crew, also known as APT28 and Sofacy, has been sticking to its tried and tested email phishing attack methods. In the latest spate of hacks, emails promised information on the crash of a Lion Air 737 MAX plane in the sea off Indonesia on October 29, in which all 189 on board died. 

It’s been the subject of much contention, as plane manufacturer Boeing has been criticised for not providing enough information to pilots about certain safety features of the aircraft. Boeing has said the information was in flight manuals.
Fancy Bear has jumped on the news, using it to target a government organization dealing with foreign affairs in Europe with a malicious Microsoft Word document entitled “crash list(Lion Air Boeing 737).docx,” the researchers said. 

“It’s pretty common for Sofacy to use lures that are timely and in the news,” said Jen Miller-Osborn, deputy director of threat intelligence at Unit 42. Miller-Osborn wasn’t sure why Fancy Bear had reverted to using the old technique of email communications, but noted it could be an attempt to avoid detection. It can also be used to upload more malware to infected computers.

She said the group had been busy in recent months. But it was conspicuously quiet around the midterm elections in November, compared to the 2016 Presidential election where it caused so much carnage.

Posing As State Department Dignitaries

Meanwhile, the Cozy Bear group, also linked by cybersecurity researchers to Russia, launched a phishing blitz on Wednesday, November 14. According to cybersecurity company FireEye, it’s Cozy Bear’s first outing in a year. In their malicious email, the hackers posed as a public affairs official at the US Department of State, Susan Stevenson, the principal deputy assistant secretary for that branch of government.

To make their attacks appear even more legitimate, the hackers commandeered the email server of a hospital and the website of a consulting company from which to send their messages. 

Though they looked like they contained secure communications from the State Department employee and an official internship document, they were in fact laced with malware designed to snoop on targets.
FireEye said recently Cozy Bear’s latest hit list included at least 20 of its customers across multiple industries including think tanks, law enforcement, media, US military, imagery, transportation, pharmaceuticals, national government and defense contracting.

New Russian Hacking Tool is Extra Sneaky

Russian hackers also have a newly discovered tool in their arsenal to access your computer.
It's a piece of malicious software dubbed "Cannon" by researchers at Palo Alto Networks, who wrote about the hacking tool recently. 

Once the malware is on your computer, it takes screenshots of your homepage and then uses your email account to send the images to the hackers, all without your knowledge. The Cannon software essentially becomes a spy camera living on your computer.

According to Palo Alto Networks, the hackers behind this are part of the Russian military spy agency better known as Fancy Bear, the same group behind the 2016 hack of the Democratic National Committee. And who are these notorious Russian hackers targeting now? They have Cannon poised at U.S. and European governments, of course.

Naturally, this scheme all started with a few successful phishing attempts. The Russian hackers sent emails to their targets with blank Word documents attached. 

The blank documents didn't catch the attention of security software, but once the targets clicked to open them, they also unknowingly downloaded a remote template featuring malicious code. If this sounds scary, there are a few ways you can protect yourself and your networks by avoiding the phishing bait. Here's how to spot a phishing attempt and how to deal with it:

Prevent
Security experts may sound like a broken record at this point, but to prevent phishing attacks altogether, make sure to beef up password security and enable two-factor authentication, especially on email and financial accounts.
Tech users should also have external or cloud backup in place, so if they do fall victim to a phishing attack, their data won't be lost entirely.

When checking your email, always think twice before clicking any link, especially if it has a URL shortener, or downloading an attachment, even if it's from a friend. Why shouldn't you trust a friend? Your friend's email account could have been compromised.

If you're unsure of anything, get on the phone with your friend or colleague to verify they did send that message. And of course, never wire transfer money without extra, verbal verification, Cidon warned.

Spot
Many phishing attempts often create urgency and in a panic get you to click. These psychological tricks get you to act without thinking. If you get a strange email saying your account is overdrawn, stop, take a breath and check a few key things before proceeding.

First, try to verify the sender. Hackers will often disguise the email to make it look like it's from an established source, like a friend or a company. But click to find out the details, and you might see a slightly altered email address, Cidon said.
Sometimes, hackers will gain access to a legitimate email account and alter the reply-to email address. If something is suspicious, like your boss is urgently asking you to send company security information or wire thousands of dollars of company money to, find out what the email address is that you would reply to with the information.

React
If you were unfortunately duped, maybe you clicked that link that said your PayPal account was going to be closed, there are steps you can take.

First, immediately reset the password on all of your accounts, especially any financial accounts. You should also call your bank to let them know you've had a security breach and you have not authorised any money transfers. If this was a phishing attempt on your work account, immediately report it to the appropriate channels. Some users might want to wipe endpoints and format the computer and reinstall programs, Cidon cautioned.

Ultimately, being aware of the risks posed by phishing is a good step. Educating people about these threats is important, so they know what's possible and how to prepare for it.

NextGov 1:          NextGov 2:        PaloAlto Networks:          Forbes

You Might Also Read:

Spy vs Spy - Cozy Bear Hackers Hacked:

Just Who Are Russia's Cyber Warriors?:
 

« Russian Cyber Strategy And Tactics
From Machine Learning To Machine Reasoning »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Datto

Datto

Datto delivers a single toolbox of easy to use products and services designed specifically for managed service providers and the businesses they serve.

Research Institute in Science of Cyber Security (RISCS)

Research Institute in Science of Cyber Security (RISCS)

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

Assystem

Assystem

Assystem delivers a comprehensive security approach for the industrial and service sectors that integrates physical security systems, industrial cyber-security, functional safety and dependability.

Garland Technology

Garland Technology

Garland Technology specializes in network access points (TAPs) for 100% visibility allowing you to see every bit, byte, and packet flowing through your network.

Consortium for Information & Software Quality (CISQ)

Consortium for Information & Software Quality (CISQ)

The mission of CISQ is to develop international standards for software quality and to promote the development and sustainment of secure, reliable, and trustworthy software.

EPIC Insurance Brokers & Consultants

EPIC Insurance Brokers & Consultants

EPIC is an insuarnce broker and consultancy firm. Risk management services include risk consultancy and cybersecurity insurance.

CM Blockchain Security Center

CM Blockchain Security Center

We are dedicated to building a healthier blockchain ecosystem, providing solutions to security technology, and helping those who practice in the area of blockchain to get insight into industry trends.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

Cybermerc

Cybermerc

Cybermerc's services, training programmes and cyber security solutions are designed to forge collaborations across industry, government and academia, for collective defence of our digital borders.

Telsy

Telsy

Telsy is a security partner for ICT solutions and services. We help you implement effective security solutions that increase your risk mitigation ability and your responsiveness.

Bugv

Bugv

Bugv is a crowdsourcing cybersecurity platform powered by human intelligence where we connect businesses with cyber security experts, ethical hackers, bug bounty hunters from all around the world.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.

Venticento

Venticento

Venticento is an IT company specialized in consulting and network support and assistance for companies that need to make their business processes more effective.