Font Size: A A A


Threat actor update

There used to only be dozens of cyber threat actors, but the IT security product company Kaspersky Lab says that its Global Research and Analysis team now tracks the activity of more than 100 threat actors and sophisticated malicious operations targeting commercial and government organisations in 85 countries.

The growing numbers show that sophisticated threat actors are actively improving and extending their arsenal, and a lot of new actors are coming to the stage, significantly raising the overall levels of danger, according to the IT firm.

Targeted attacks are not an elite activity any more. While in previous years this kind of operation would require a lot of specialists with specific skills and funding, nowadays Kaspersky Lab researchers are observing the emergence of smaller – and not necessarily sophisticated – yet efficient cyber-espionage campaigns. These groups are hunting for sensitive information, which can be used to gain geopolitical advantages or even sold to anyone willing to pay.

Based on the analysis of the intelligence gathered on these campaigns, Kaspersky researchers have been able to create a top list of organisations, which are more at risk than others of becoming a target of cyberespionage, or a sophisticated cybercriminal operation.

· Government and diplomatic organisations
· Financial institutions
· Energy companies
· Telecommunications companies
· Aerospace organisations
· Military contractors
· Educational organisations
· Healthcare organisations
· Activists
· IT companies
· Diplomatic organisations

Targeted attacks are a problem the researchers add because the tactics of almost any of the existing groups involve utilising tools that overcome traditional endpoint and network protection solutions. Even if solutions are effective in regards to usual, and some sophisticated, malware, they cannot provide a 100 per cent detection guarantee when it comes to targeted attacks. This is due to the fact that actors behind sophisticated campaigns are professionals in social engineering. For example, they may use zero-day vulnerabilities, and they’re increasingly using legitimate tools for remote access instead of actual malware. That is why, nowadays, reliable security software in a corporate IT infrastructure must be accompanied by intelligence – security teams need to be backed up with expertise, so that they know when to be alarmed and what clues to look for if their organisation becomes a threat actor target.

Costin Raiu, Director of Global Research and Analysis Team at Kaspersky Lab said: “We’ve been tracking sophisticated targeted attacks for more than six years now, and we have seen this kind of activity become a widely used tool for espionage and money theft. Targeted attacks can affect many different types of organisations, it’s not just governments that are affected. Multiple commercial organisations – especially from the enterprise sector – are in danger as well. They might become an organisation of interest for attackers because they cooperate with government and military entities, or because they hold valuable intellectual property, or just because they have access to large financial assets. In this situation, getting an early warning on an emerging malicious campaign targeting a certain type of organisations is crucial for entities that are willing to protect their sensitive data reliably. Intelligence based services that make it possible for enterprise security teams to access data about the latest sophisticated threats is a must nowadays.”


Related News