Weekly Executive Summary for Week Ending January 31, 2016

By John Atienza on February 2, 2016

Two themes recurred in this past week's cyber incidents. First, geopolitical events are driving the motives of APT groups and scammers alike, specifically New World Hacking, Sandworm, and Anonymous. DDoS and exploit kits have been the main modes of attack for these groups. The following groups were subjects of discussion for the week ending January 31, 2016:

  • Anonymous
  • Codoso / Sunshock / Sunshop Group
  • CtrlSec
  • AnonSec
  • New World Hacking

One noteworthy phishing campaign coming out of Nigeria consists of emails, purportedly from widows or former oil moguls from Syria seeking refuge in Europe, that request help with immigration and with moving oil money. Separately, a spear phishing campaign infected the Israeli Electric Authority with ransomware, after which many of its systems were taken offline to prevent the malware from spreading.

The second theme that recurred this week is the targeting of critical infrastructure, in particular SCADA systems. Israel's Electric Authority was hit by a phishing campaign, and Ukraine's energy sector was hit by an APT team using the BlackEnergy Trojan, which contributed to cutting power to roughly half the population of Ukraine's Ivano-Frankivsk region last month. The question posed in this executive summary is, "Are nations doing enough to train future cyber security personnel to defend SCADA systems and critical infrastructure?"

Targeted industries include the following:

  • Finance
  • Banking
  • Software
  • Information Technology
  • Media and Entertainment
  • Critical Infrastructure (SCADA)

Finance and banking top the list of targeted industries: HSBC was just hit with a DDoS attack, and banking malware such as Dridex remains an issue today.
Criminal cyber groups have been targeting online banking as a means of obtaining funds, and ransomware has also been a favorite money-making method for cyber criminals.
In media and entertainment, the British Broadcasting Corporation (BBC) was recently used as a testing ground for a massive 602 Gbps DDoS attack by the anti-ISIS group New World Hacking. The Hacker News (thehackernews.com) stated that this may have been the largest DDoS attack in history. DDoS attacks are on the rise, and being able to mitigate service interruption should be a priority for every business and entity that operates on the internet.

In terms of legislation in the works, there are two bills that could affect how states and businesses conduct cyber defense operations and intelligence sharing. The State and Local Cyber Protection Act of 2015 passed the House of Representatives this past December; it would allow federal agencies to assist state and local governments in designing their own cyber defense operations. The second bill, H.R. 1560, would allow companies to share cyber defense information with other businesses and with the government without running afoul of antitrust laws. There have been complaints that the current version of this bill removed certain privacy protection sections. This bill has also passed the House of Representatives and is waiting to be taken up by the Senate.

In conclusion, businesses and federal agencies should keep track of geopolitical events, as these influence certain threat actors. Critical infrastructure needs to be protected. Banking malware and ransomware are still a problem. The use of DDoS as a means of cyber attack is on the rise. Bills currently in proposal will affect how businesses share defensive cyber information and when state and local governments receive assistance with computer network defense (CND).