Tag Archives: Pawn Storm

Pawn Storm: Back with a Vengeance to Target French Presidential Hopeful Macron

by Ross Dyer

Thought you’d seen the last of prolific hacking group Pawn Storm? Think again. Just-published research from Trend Micro reveals fascinating new insights into one of the world’s longest-running cyber espionage groups. As politicians in the US continue to argue over the impact of its audacious campaign against Democratic Party officials last year, Pawn Storm is at it again, attempting to influence public opinion ahead of major elections in France and Germany.

We’ve discovered multiple phishing domains set up by the group explicitly to target French presidential front-runner Emmanuel Macron and German political organisations allied to two main parties there.

Our report, Two Years of Pawn Storm, reveals a highly organised and sophisticated group whose tactics should make essential reading for any IT security professional looking to improve their organisation’s defences.

Extortion, Destruction and Lethal IoT Failures Make 2016 a Year to Watch

by Bharat Mistry

It’s been a pretty hectic 12 months, but for UK CISOs the bad news is that 2016 is unlikely to bring with it any respite. Over the past year we’ve seen a never-ending avalanche of data breaches, nation state espionage attacks and hacktivist campaigns; sophisticated new malware; and a return of some old attack techniques. And all of this against an ever more volatile regulatory compliance backdrop that threatens to turn up the pressure even more next year.

We’ll be doing our bit by continuing to protect our customers from the latest threats with innovative new products, and working with law enforcement to hit the bad guys where it hurts. But security bosses should also start planning now to overcome the key challenges Trend Micro predicts for 2016.

A year in security
Organisations on both sides of the Atlantic showed they are still ill-equipped to cope with targeted attacks and continue to make basic security errors allowing hackers to strike. Whether it was the apparently insider-related attack on infidelity site Ashley Madison or the more traditional targeted intrusions at major US healthcare firms Anthem and Premera and the massive OPM federal breach, it was no real surprise that the data breaches kept on coming in 2015. The UK had its fair share of incidents too, many of which were punished by the Information Commissioner’s Office (ICO). The TalkTalk breach turned out to be less serious than at first thought but shows that some British firms are no better at securing customer data than their global counterparts.

At a nation state level our tracking of the Pawn Storm crew’s attacks on NATO members and the White House proved it’s not just China and the US with cyber espionage capabilities. And a devastating strike which took out several TV5Monde TV channels reminded us of the real world damage that cyber attacks can inflict. It was disappointing to see the results of a new Quocirca study sponsored by Trend Micro which found that although complacency about breaches has dropped this year, 12% of the firms that said they’d been targeted didn’t know whether data had been taken or not. Some didn’t even know how much data they’d lost.

Another study we released, this time with the Ponemon Institute, warned of the threat to privacy and security from nascent IoT technologies.

Fighting back
We’ve done our best to help our customers stem the rising tide of attacks this past year, beyond providing industry leading products which received accolades from the likes of NSS Labs (Deep Discovery), Gartner, the V3 Awards (Deep Security) and the IAIR Awards (cloud security company of the year). Deep Security’s virtual patching capabilities have helped countless businesses continue to run Windows Server 2003 beyond the deadline for end of support earlier this year. And a landmark MoU agreement with the NCA has seen our threat researchers working hand-in-hand with the crime agency on cases – already resulting in the arrest of two suspects in the UK. Those same researchers have also lifted the lid on the shadowy Deep Web cybercrime markets of Japan, China, Germany and beyond in some fantastic reports this year.

We’ve also been awarded the “EICAR trusted IT security” seal of quality for Deep Security, Deep Discovery and OfficeScan – independent proof that none of these products have been tampered with by nation states.

Trouble ahead
But unfortunately the hard work never stops. Already lined up for next year are major changes to the regulatory environment, with the European General Data Protection Regulation and Network and Information Security Directive set to be finalised. And there’s a new Safe Harbour agreement to be thrashed out with US negotiators. Organisations desperately need their own Data Protection Officers (DPOs) to handle these coming compliance requirements and co-ordinate an effective response to data security threats. Yet we predict that fewer than 50% of organisations will have one installed by the end of next year.

Our other predictions for 2016 include the following:

  • Threats will increasingly focus on extortion
  • A failure in at least one consumer-grade IoT device will prove lethal
  • Mobile malware will hit 20 million, driven by China
  • Destructive cyber attacks will increase
  • Ad blocking will kill malvertising
  • Cybercrime prevention efforts will get more successful

Check out our latest report, The Fine Line: 2016 Security Predictions, for more. And we wish you all a very happy Christmas and prosperous New Year.

 

Sheltering From Pawn Storm: How Multi-Layered Protection Can Combat Zero Day Threats

by Bharat Mistry

We’ve been raising awareness around the dangers of targeted attacks and APTs for several years now. There are many things organisations can do to minimise the risk of serious data loss via such an incident – not least to invest in cyber security tools from an industry leader. But sometimes we come across groups whose advanced attack techniques can overwhelm all but the most heavily defended organisations.

Pawn Storm is one such campaign. Recently we discovered a new weapon in the group’s formidable arsenal, which has already been fired at several foreign ministries around the world.

TV5 Monde, Russia and the CyberCaliphate

by Rik Ferguson

Yesterday evening French magazine L’Express published a report linking an attack against TV5 Monde very firmly to the Russian state. The attack, which knocked 11 of its global channels off air for a period of time and resulted in a compromised website and Facebook page, took place back in April.

At the time of the attack, a group calling itself CyberCaliphate immediately took responsibility for the hack and went on to publish details purportedly of serving French military personnel involved in the struggle against Islamic State or ISIS. The attribution at the time seemed simple and immediate: Islamic extremist-motivated hacktivism.