Stopping Russian cyberattacks at their source
In 2016, Lazarus, a notorious hacking group, aimed to steal a billion dollars through the SWIFT interbank communication system. How did the group do it? Social engineering.
Using an innocuous email purporting to be from a job applicant, the hackers gained entry into Bangladesh’s central bank system almost a year earlier. Once in, they learned how SWIFT (the Society for Worldwide Interbank Financial Telecommunication) worked and began to transfer a billion dollars from the Federal Reserve Bank of New York. The heist was accidentally discovered when a staffer at the bank rebooted a hacked printer, which spit out the New York Fed’s confirmation messages in its queue. This stalled the hack, but not before $81 million was stolen.
Lazarus Group members were from North Korea. Its hackers, given the limited access to computing, aren’t the best. Russia’s are. They have developed some of the most potent malware we have seen yet. And if China were to team up with Russia, and there is evidence it is likely to, then we are in for some increasingly brazen attacks.
For context, every major hack in the past decade has origins in one of these nations. Russian hackers slipped malicious code into SolarWinds’ Orion program and got access to the Pentagon and the Cybersecurity and Infrastructure Security Agency (CISA), the DHS office responsible for protecting federal networks. Most ransomware also has roots in Russia. Estimates are that one in three organizations globally is a victim of these attacks, and they are enormously lucrative for hackers. Last year, the meat packer JBS paid $11 million in ransom; Colonial Pipeline paid $5 million. Some of it was recovered, but all of us paid through increased prices. And almost all of this involved social engineering.
Add to this the hacking prowess of China. Data stolen from sources as varied as the Office of Personnel Management (OPM) and every major retailer can be traced to China. According to reports, sophisticated data-mining operations there are helping Russians craft highly persuasive social engineering attacks.
Growing Russian Hacker Threat
Once isolated and removed from banking systems such as SWIFT, it’s a question of time until Russia turns more sharply toward hacking. And if the country’s currency implodes further and it no longer cares about the rules-based global economy, there will be no way to hold it to account and disruptions will increase. We will end up paying through ransom payments, supply shortages, and higher prices. We have to stop this at its source by protecting users — all of us — the primary conduit through which malware gets into organizations.
To read the complete article, visit Dark Reading.