BDO CYBER THREAT INSIGHTS 2018 2nd Quarter Report
14 August 2018
Nation-backed cyber-criminal activity stole the spotlight in a review of cyber activity during the first half of 2018.
Russia and China continue to be the most prominent cyber actors, both via:
- Nation-state cyber warfare groups, such as APT28 and APT29. These groups are highly capable and have considerable resources. In recent years, they have steadily shifted their focus to espionage, destructive attacks and the spread of disinformation via social media platforms and other media outlets.
- Cyber-criminal groups, with Cobalt and Carbanak being the most noteworthy. These groups target a wide gamut of sectors, notably financial and healthcare organizations. A joint international operation arrested an individual suspected of being behind these groups in March [1]. However, their operations have not been disrupted; Cobalt successfully executed a large phishing campaign in May [2].
- Several Chinese attack campaigns also surfaced during the first half of the year. The two most notable attacks were against Western defense/military targets, serving as a reminder of China's cyber capabilities and intentions. APT15, a Chinese-affiliated cyber espionage group, stole sensitive records and information from the UK military. Chinese hackers also stole over 600GB of data regarding submarines and classified weapon systems from a defense contractor of the U.S. Navy.
In May, an attack against Banco de Chile affected 9,000 computers and corrupted 500 servers, enabling the attackers to steal $10 million via the SWIFT system. The attack is currently attributed to North Korea and marked the first time that a financially motivated attacker targeting a large financial organization executed a heist in conjunction with a sophisticated and fully realized wiper attack.
This modus operandi will force organizations and companies across all industries to re-evaluate how they respond to and mitigate multi-vector attacks that strike several systems at once. Furthermore, cyber-attack contingency plans must be modified to allow a rapid, yet organized, shut-down of an organization's computer systems in order to survive such attacks.