Hackers Are Impersonating Each Other to Hide Their Real Agendas
Threat actors have been using cyber-disguises to keep their true intentions secret, according to a report published today by Optiv Security.
Typical cyber threat intelligence usually categorizes threat actors in fixed classes, such as nation-states, cyber-criminals, commercial entities, and hacktivists. But, according to Optiv’s new 2019 Cyber Threat Intelligence Estimate (CTIE) report, "it’s a mistake to assume these categories are rigid or to assume that a threat actor’s classification is static."
The CTIE report is inspired by national intelligence estimates, which are analytic reports produced by the intelligence community of the United States for consumption by Congress. The CTIE comprises contributions from Optiv’s Global Threat Intelligence Center (gTIC), cyber threat intelligence company IntSights, and Carbon Black, a leader in cloud endpoint protection.
Optiv researchers found that it's not unusual for threat actors to have multiple criminal identities that they can switch between to get what they want without revealing who they are or what their actual agenda is.
For example, nation-state actors may pretend to be just a regular cyber-criminal targeting a company’s customer database, when in reality their target is to delve into the firm's deepest recesses to steal its intellectual property.
According to the report: "Sometimes threat actors may masquerade as a certain type in order to hide their true agenda. Or, threat actors may belong to two or more classes, switching between them as their priorities change."
Threat actors who demonstrate this switching behavior to cloak the true nature of their dastardly deeds are described by Optiv's researchers as "hybrid threat actors." According to the report, their primary targets are governments, manufacturing, energy, and utilities.
Other findings of the report are that crypto-jacking and ransomware attacks are increasing in popularity, and that retail, healthcare, government, and financial institutions continue to be among the most targeted verticals of cybersecurity attacks or attempts among the 10 categories of Optiv clients.
"Cyberspace has become more hostile. Hackers are more organized and sophisticated in 2019, and we’re seeing malicious attackers increase their counter measures to avoid detection,” said Tom Kellermann, chief cybersecurity officer at Carbon Black.
"According to our research, no vertical is immune, but the financial industry continues to stand out as a key target for advanced attacks. We hope cybersecurity leaders and teams will use this data as a clarion call to improve their cybersecurity postures."
Gloss