Security Central: Fancy Bear Bites Again, the Internet of Things Moves Toward Security
It appears that the Bears are at it again. No, not those Bears. Think more the hacking, Russian kind.
October 20, 2016
A new report from the cybersecurity company SecureWorks lays out the method Russian government hacking group Fancy Bear used to get inside the systems of the Democratic National Committee (DNC) and the email accounts of senior members of Hillary Clinton’s campaign staff.
This continuing saga made major headlines recently because for the first time in history, the United States officially accused a foreign government of trying to tamper with and influence the presidential election. As you may well remember, it all began on a cold morning back in March, just days after Hillary Clinton dominated Super Tuesday and all but ensured her spot as the Democratic nominee. That day, a series of emails found their way into the inboxes of the top members of her campaign.
At a glance, they were nothing out of the ordinary. They looked exactly like the security notices Gmail users sometimes get asking them to review suspicious activity on their account. The link in the emails prompted the recipient to reset their password – for security reasons, naturally (petition to rename the group Ironic Bear…). Once clicked, the victim landed on a page that was a faithful copy of Google’s login and password-reset page, and every credential typed into it went straight to the attackers. Those credentials gave Fancy Bear access to the Democratic Party’s email accounts, shared calendars, documents and everything stored in Google Drive. Gift-wrapped. With bows.
Researchers found the emails by tracing Fancy Bear’s malicious links through Bitly, a link-shortening service. “We were monitoring bit.ly and saw the accounts being created in real time,” said Phil Burdette, a senior security researcher at SecureWorks. The shortened links resolved to “accounts-google.com” rather than Google’s real login host, “accounts.google.com.” You sort of have to hand it to Fancy Bear – would you have noticed that one-character difference? A hyphen instead of a dot turns a Google subdomain into a completely separate domain that anyone can register, and the browser treats the two as unrelated. “They did a great job with capturing the look and feel of Google,” said Burdette. It’s hard not to agree.
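A quick way to triage a link like the one above before anyone clicks it, as an added example written for this column (it is not SecureWorks’ tooling or anything from the report). The trusted host list and the google.com apex are assumptions for the example, the sample links are constructed, and a shortened bit.ly link would have to be expanded first because the check looks at the final hostname only.

```python
"""Triage a link that claims to lead to a Google account/login page.

Added example for this article, not code from SecureWorks or the
original piece. TRUSTED_LOGIN_HOSTS and TRUSTED_APEX are assumptions;
accounts-google.com is the lookalike host the article describes.
"""
from urllib.parse import urlsplit

TRUSTED_LOGIN_HOSTS = {"accounts.google.com", "myaccount.google.com"}  # assumed
TRUSTED_APEX = "google.com"                                          # assumed
BRAND = TRUSTED_APEX.split(".")[0]                                   # "google"

# Cheap ASCII homoglyph folding for labels such as g00gle or goog1e.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character brand twins."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold_label(label):
    """Decode a punycode label if present, then fold common homoglyphs."""
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            return label
    return label.replace("rn", "m").translate(_HOMOGLYPHS)


def classify_login_link(url):
    """Return 'trusted', 'same-apex', 'lookalike' or 'untrusted'.

    trusted    exact match on a known login host
    same-apex  another host under the real apex (not a login page)
    lookalike  brand name inside a foreign registrable domain
               (accounts-google.com, accounts.google.com.evil.net),
               a userinfo trick (real-host@evil.net), or a one-edit /
               homoglyph twin of the brand label
    untrusted  everything else, including links that do not parse
    """
    url = url.strip()
    if "://" not in url:
        url = "http://" + url  # bare hosts pasted into mail still resolve
    parts = urlsplit(url)
    host = parts.hostname  # lowercased; userinfo, port and brackets removed
    if not host:
        return "untrusted"
    host = host.rstrip(".")
    if parts.username is not None:
        # https://accounts.google.com@evil.net/ : the browser goes to evil.net
        return "lookalike"
    if host in TRUSTED_LOGIN_HOSTS:
        return "trusted"
    if host == TRUSTED_APEX or host.endswith("." + TRUSTED_APEX):
        return "same-apex"
    for label in host.split("."):
        folded = fold_label(label)
        if BRAND in folded or edit_distance(folded, BRAND) <= 1:
            return "lookalike"
    return "untrusted"


# Constructed sample links for the demo (not from the report).
SAMPLE_LINKS = [
    "https://accounts.google.com/ServiceLogin",
    "https://accounts-google.com/ServiceLogin?continue=https://mail.google.com",
    "http://accounts.google.com.evil.net/login",
    "https://accounts.google.com@evil.net/",
    "accounts.g00gle.com/reset",
    "https://mail.google.com/",
    "https://example.com/",
]


def triage(urls=SAMPLE_LINKS):
    """Return [(url, verdict), ...] for a batch of links."""
    return [(u, classify_login_link(u)) for u in urls]


if __name__ == "__main__":
    for link, verdict in triage():
        print(f"{verdict:10} {link}")
```

Anything that comes back as “lookalike” is worth a ticket even when the page behind it looks perfect, which is exactly the case the Clinton staff faced. The check deliberately does not trust a visually familiar host that is merely a subdomain of something else, and it knows nothing about non-ASCII homoglyphs or legitimate brand domains outside the allow-list, so both of those need their own handling in production.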
This was the first in a string of attacks orchestrated by the group to steal information – some damning, some not – for the sole purpose of leaking it all over the internet to sow doubt, cause distress and generally wreak havoc on the election process. Countries have used cyberspace to spy on each other since the moment the technology existed. But this is brand new, uncharted territory – not just for the United States, but for the entire developed world. It is shaky ground indeed, particularly since the U.S. and Russia have been one-upping each other in the cyber-attack arena for some time now.
“Fancy Bear is Russia, or at least a branch of the Russian government, taking the gloves off,” said an anonymous Department of Defense official. “It’s unlike anything else we’ve seen, and so we are struggling with writing a new playbook to respond. If Fancy Bear were a kid in the playground, it would be the kid stealing all the juice out of your lunch box and then drinking it in front of you, daring you to let him get away with it.”
So IT consultants in the channel, take heart. Even the DoD is struggling to combat phishing schemes. You are not alone.
Now for a visit to the land of connected devices, fondly known as the Internet of Things (IoT). An article by The New York Times recently explored our increasingly connected, “smart” world from a security standpoint. It seems as though everywhere you turn these days, more and more things are being computerized and connected to networks. There are your obvious ones – cars, watches, home safety systems and factory machinery. But it doesn’t end there. Start wrapping your brain around smart clothing, digital sensors in farm soil and roads and ordinary home appliances. According to Gartner, in the last two years, the number of IoT devices in the world has exploded by nearly 70 percent to 6.4 billion. By 2020, the IoT population will reach 20.8 billion.
There are two sides to this. Yes, the IoT will make people and the world we live in more streamlined and efficient. Think of what it can do, and in many ways already does, for health care, food production, transportation, energy consumption and sustainability initiatives. Opportunities abound for channel partners in nearly every vertical.
But amid the shiny, exciting technology innovations there is the other side of the coin: the more connected things there are, the more things there are to hack. This is critical for channel partners and VARs whose customers are ready to climb aboard the IoT train, or have already made the leap. As customers weigh the possibilities and pitfalls of the IoT, particularly around security, they will need the advice and direction of an expert in the space.
“If we want to put networked technologies into more and more things, we also have to find a way to make them safer,” said Michael Walker, a program manager and computer security expert at the Pentagon’s advanced research arm. “It’s a challenge for civilization.”
Walker and the Defense Advanced Research Projects Agency (DARPA) came up with an answer to that challenge. The Cyber Grand Challenge was a contest in which participants had to “create automated digital defense systems that could identify and fix software vulnerabilities on their own — essentially smart software robots as sentinels for digital security,” according to the Times. The winning team received millions of dollars in prize money. Not a shabby deal.
The contest proved to be a good idea almost immediately. A few weeks after the competition, which was held in August, researchers at telecommunications company Level 3 Communications reported that they had detected several strains of malware that were taking over IoT devices and using them to attack websites.
The Level 3 researchers partnered with Flashpoint, an internet risk-management firm, and found that close to one million devices, primarily security cameras and video recorders, had been harnessed for botnet attacks. According to the Times, the researchers called it “a drastic shift” toward using IoT devices as hosts for attacks instead of traditional hosts such as hijacked data-center computers and home routers. Similar attempts were discovered against Wi-Fi hot spots and satellite antennas.
The concept of automated “cybersecurity systems” is still in its infancy, but partners should watch this developing space in order to keep customers’ endpoints secured with the latest technology. Scientists agree that further development is needed before the technology can be used broadly on commercial networks and the internet. “But this was a demonstration that automated cyberdefense is mature enough, and it’s coming,” said David Melski, captain of the second-place team in the contest.
To wrap up the week, we take a look at a few top-line takeaways from a comprehensive overview on ransomware that was written by Comodo’s senior research scientist, Kenneth Geers, in honor of National Cybersecurity Awareness Month. It’s no secret that this type of attack is now affecting everyone, from consumers to enterprises. Channel folks, take note.
As with all software, ransomware comes in varying levels of sophistication. Simple screen “lockers” have given way to professional-grade encryption built on sound public-key cryptography: the attacker’s public key is embedded in the malware, and the key needed to decrypt never touches the victim’s machine. Ransomware may encrypt not only files but whole drives, and it will hunt for reachable network shares and any backups it can write to. Monetary payment is typically the attacker’s goal. In exchange, the attacker promises a program that decrypts the files, or an unlock code that reverses the payload’s changes. Some companies are believed to keep a Bitcoin reserve as part of their contingency planning.
All hope is not lost! There are many things you can do to proactively prevent and reactively respond to a ransomware infection. First things first: awareness of the problem, training in social engineering, and a healthy suspicion of hyperlinks and email attachments. It is critically important to back up all data offline, not to network shares or to any storage that stays connected to the network, because the attacker will find and encrypt those too; a backup that has never been test-restored is a hope, not a plan. For reactive mitigation, enterprises should develop a range of contingency and business-continuity plans and accept that, for sophisticated ransomware, recovery without the attacker’s key may not be possible. Make sure your managed service offerings include a Backup-as-a-Service component, and advise your customers that it’s not a matter of if they’ll fall victim to a ransomware attack, but what they’ll do when it happens.