Where In The World Do The Cyber Villains Live?

Uploaded on 2016-08-26 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW

Hackers work all around the world, but what's particularly surprising is how much the style of an attack depends on where it comes from.

Until now it has been fairly easy to categorize malicious cyber-actors as State Sponsored APT, Hacktivist, Mercenary and Script Kiddie. However, a new threat actor has emerged who uses technological means to bring terror and chaos to our nation and its allies: the Cyber-Jihadist.

Cyber-Jihad has quickly arrived on the scene and will only continue to grow and hyper-evolve. As a well-funded adversary, Cyber-Jihadists can easily outsource the more sophisticated attacks, purchase potent zero days, infiltrate and map networks and exfiltrate and manipulate data from America’s virtually unprotected Internet of Things.

China

Security experts describe China as almost the polar opposite of the former Soviet Union.

“China as an adversary: they’re very loud and clangy when they get into the networks,” said James Scott, a senior fellow with the Institute for Critical Infrastructure Technology. A contributor to the ICIT’s brief Know Your Enemies, a primer on geographic threat vectors in cybersecurity, Scott has studied regional signatures extensively. Much of it has to do, he explained, with local conditions and goals.

While the former Soviet hackers are big money players, and so more surgically pursue larger payouts, attacks from China are generally government orchestrated attempts to consume as much data as possible.

“They’re in panic right now [to catch up technologically,” he said. “They’re throwing sheer number as far as attacks and going after everything and anything from aerospace to academia to hospitals. They’re saying, ‘We’ll figure out a way to use it later, but go after everything before the U.S. and the West starts making cybersecurity and [digital] hygiene a part of their culture.'”

The result is a noisier threat vector, one that’s less concerned with subtle, undetected attacks than it is with expatriating as much data as possible. The hackers often act with similar brazenness to their Russian counterparts as they often operate in the open as a branch of the Chinese government.

North Korea

A similar actor to China in that attacks out of North Korea are government sponsored, this epicenter has two distinctions that set it apart.

First, North Korean attacks lack the sophistication of those that come out of China. Calling them “script kiddies,” Scott said that the government relies on third parties to do the heavy lifting when it comes to technical sophistication. The country has a dedicated cyberwarfare agency Bureau 121, but it likely suffers from the same crippled development in both material and human capital as the rest of the country.

Second, North Korean attacks are actual attacks. As ICIT mentioned in their report, “North Korea uses cyber-warfare as a cost effective branch of their military. Many in North Korea see cyber-warfare as the strongest weapon.”

As a result, these attacks have in the past focused on targets with military and political value, including financial and media institutions. There is some dispute, however, about some of the attacks attributed to Pyongyang, most notably the Sony Pictures hack of 2014.

Southeast Asia/India

In Southeast Asia, a band of territory roughly stretching from Vietnam to India, hackers pursue fast capitalization, according to Scott. Absent the resources or time table of an Eastern Europe attack, attacks from this section of the world focus on quick fraud and low-key attacks.

A Southeast Asian hacker is more likely to be operating as a petty criminal than one of the corporate or government agents from elsewhere.

“The criminal element,” Scott said, “is looking for capitalization. That’s why ransomware is going to be big.”

This is a region that produces high volume, low stakes attacks such as fake antivirus software and ransomware, which locks up and erases a computer unless the victim pays for the decryption key, typically in bitcoins. As with much of the rest of the world, the profile here meets the circumstances. This band of countries doesn’t have a malicious state actor or the kind of cohesive resources that build the infrastructure seen elsewhere. Instead it’s more about individuals working in Internet cafes looking to make a relatively small amount of money.

The US

The most targeted nation in the world, the US has a wide variety of home-grown threats as well. Increasingly one of the biggest concerns out of America is corporate espionage.

Given the effectiveness of US law enforcement, hacker groups in America remain underground and can’t create the kind of overt institutionalization that they can in other countries. That doesn’t mean that they remain disorganized however. Identifying one such group as “Butterfly Group/Morpho,” the ICIT wrote that they are “organized and efficient.”

“The emergence of the Butterfly group should remind organizations that corporate espionage groups and non-state sponsored APTs [Advanced Persistent Threats] still exist," the ICIT said. "In fact, in certain aspects, they are more dangerous than state sponsored groups. Mercenary and espionage groups may possess specific knowledge of what information to steal or from what systems to steal data. This information may come from competitors or it may come from insider threats within the organization.”

Many American companies will pay good money for the kind of information that a hacker can steal, Scott said. Patent secrets, insider information stolen from law firms, strategy documents, all of this information is worth billions in the right hands, and it absolutely has a market here in the United States.

This isn’t an exhaustive list by absolutely any stretch of the imagination. It’s a series of profiles, and like any profile is limited both in scope and precision… a hacker can work anywhere he’s got a laptop and a wireless connection, and many from the regions above have their own way of doing business. Out of China alone, for example, many private criminal attacks have also been identified such as the Elderwood Platform and the mercenary group Hidden Lynx.

Still, hackers are swapping digital attacks all across the world. One of the remarkable things is how much geography seems to play a role in the Internet’s borderless world.

ICIT: http://bit.ly/1Oh7CL1    The Street: http://bit.ly/2b5d71R

« Cyber Spying All At Sea
Artificial Intelligence Has Finally Emerged Into Real Life »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

SecuPedia

SecuPedia

SecuPedia is a wiki-type platform that collects and provides the entire knowledge of security and IT security.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

Cyber Security Capital (CS^)

Cyber Security Capital (CS^)

Cyber Security Capital is a consultancy helping to mobilise and empower individuals, corporate leaders and entrepreneurs in cyber security.

D3 Security

D3 Security

D3's Smart SOAR platform is at the forefront of the security automation revolution, helping clients around the world to rapidly identify, analyze, and resolve advanced threats.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

Lynx

Lynx

Lynx provides high added value services in the area of information systems security and ICT infrastructure building.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Huntress Labs

Huntress Labs

Huntress provides managed threat detection and response services to uncover and address malicious footholds that slip past your preventive defenses.

BotGuard

BotGuard

BotGuard provides a service to protect your website from malicious bots, crawlers, scrapers, and hacker attacks.

SafeCipher

SafeCipher

SafeCypher are crypto specialists with a very specialized knowledge of Public Key Infrastructure (PKI), Hardware Security Modules (HSM), Quantum Resistant Cryptography and Crypto-Agility.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

nsKnox

nsKnox

nsKnox is a fintech-security company, enabling corporations and banks to prevent fraud and ensure compliance in B2B Payments.

IT-Seal

IT-Seal

IT-Seal GmbH specializes in sustainable security culture and awareness training.

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.