- Expects attempts to destroy or shut down industrial facilities, or taking control
- Cybercriminals will learn from and use nation-states’ espionage tools
KASPERSKY Lab is seeing more attacks coming from a variety of groups, from criminal organisations to nation-states, as well as an increase in the use of cyber-espionage tools, according to founder, chairman and chief executive officer Eugene Kaspersky.
“We’re expecting more attacks on industrial environments, which is why our industrial security team will become ever more important.
“We’re afraid that the next target … from all groups … would be attempts to destroy or shut down industrial facilities, or even taking control of these assets for ransom,” he told a media conference at the recent Interpol World in Singapore.
Out of all categories of attackers, Eugene said that he is most afraid of cyber-terrorist attacks, as they can be the most unpredictable.
“We’re seeing the rise of traditional criminal groups employing professional IT talent to support traditional crime. I believe that all espionage tools developed by nation-states are dangerous because the cybercriminals will learn from them and use them as well.
“And you ask me ‘Who’s worse than the mafia?’ Well, terrorists. Especially for highly computerised nations such as Singapore that depend on IT systems much more than any other nation.
“Singapore is in a ‘dangerous zone’ in that sense, and in a similar situation with Israel,” he said, declaring that the world is already well into the age of the ‘Cyber Cold War.’
All’s fair in crime and war
Speaking of wars, Kaspersky Lab recorded a rare and unusual example of one cybercriminal attacking another in 2014.
Hellsing, a small and technically unremarkable cyber-espionage group targeting mostly government and diplomatic organisations in Asia, was subjected to a spear-phishing attack by another threat actor, and decided to strike back.
The discovery was made by Kaspersky Lab researchers looking into the activity of Naikon, a cyber-espionage group also targeting organisations in the Asia Pacific region.
The researchers noticed that one of Naikon’s targets had spotted the attempt to infect its systems with a spear-phishing email carrying a malicious attachment.
The target questioned the authenticity of the email with the sender and, apparently dissatisfied with the reply, did not open the attachment. Shortly thereafter, the target forwarded to the sender an email containing the target’s own malware.
This move triggered Kaspersky Lab’s investigation and led to the discovery of the Hellsing APT (Advanced Persistent Threat) group. The method of counter-attack indicates that Hellsing wanted to identify the Naikon group and gather intelligence on it.
Kaspersky Lab believes that this could mark the emergence of a new trend in cybercriminal activity: the APT wars.
“In the past, we’ve seen APT groups accidentally hitting each other while stealing address books from victims, and then mass-mailing everyone on each of these lists,” said Costin Raiu, director of the Global Research and Analysis Team at Kaspersky Lab.
“However, considering the targeting and origin of the attack, it seems more likely that this is an example of a deliberate APT-on-APT attack,” he added.
Raiu said that the fact that this happens indicates cyber-espionage is becoming an important game, given that one party was “desperate enough” to resort to this counter-intelligence style attack to get information on attack visibility.
“The biggest problem on the Internet is that you never know who is attacking you, attribution is so difficult. That’s why we don't do attribution – we point to the technical evidence and pass this information along to organisations like Interpol.
“We do measure activity times though, to try and figure out when the attackers sleep or work, and in the Hellsing case, we estimate their time zone to be GMT+8, so they’re most likely in this region,” he added.
Raiu said that South-East Asia suffers from a lot of cyber-attacks and is a hot area for such activity, with motivation and purpose split between categories: cybercriminals, nation-states and hacktivists.
“At the moment, there’s quite a bit of activity from nation-states which could be tied to the territorial disputes in the region, with islands being contested; while consumer-level threats are rising globally in general.
“Much of it has to do with the rise of cloud and mobile [technologies], with individual data being uploaded and stored in servers belonging to giant companies whose security in that area remains problematic,” he added.
With the stakes being raised and competition heating up, it comes as no surprise to Eugene and the Kaspersky team that criminal organisations would do anything to stay ahead of the competition.
Eugene said that it is not unusual for a criminal organisation to remove a competitor’s malicious code in favour of installing its own.
“The funny thing is, we’ve discovered that they use Kaspersky antivirus software to clean computers before infecting them again,” he claimed.
“That’s proof we’re the best – even cybercriminals use our products!” he quipped.