A new report on cyber attacks has identified patterns and characteristics of recently surfaced attacks, including alleged targeted attacks against the US government. But make no mistake: the report, by FireEye, warns that cyber attacks are not limited to governments alone.
FireEye, a security solutions provider, recently released its report titled “Digital Bread Crumbs: Seven Clues to Identifying Who’s Behind Advanced Cyber Attacks.” The report is based on 1,500 campaigns tracked by FireEye.
FireEye released the report to help organisations spot key trends that can identify cyber attackers and so help prevent future attacks. Using cyber forensic techniques, the report identified certain characteristics of attacks, including attack behaviour, malware metadata, keyboard layout, embedded fonts, DNS registration, language, and remote administration tool configuration. These characteristics can help identify attacks specific to a particular country or region.
“In today’s cyber threat landscape, identifying your enemy is a crucial piece of any defence plan,” said Ashar Aziz, CTO and founder, FireEye. “When it comes to advanced cyber attacks, finding out who your attackers are, how they work, and what they are after is critical to protecting your data and intellectual property.”
The report noted that cyber attack detection and prevention is both a science and an art.
“Cyber criminals are experts at misdirection, so take no sign at face value. Before reaching any conclusions about the source of an attack, FireEye strongly recommends weighing evidence from multiple sources and enlisting digital forensics experts,” the report read.
Through the analysis of malware metadata, FireEye was able to track a previously undisclosed tactic used by the so-called Chinese “Comment Crew”, a notorious hacker group linked earlier this year to a series of attacks against the US government.
Aziz said cyber attackers leave “digital bread crumbs” that give them away inside their malware code, phishing emails, command-and-control servers, and even basic behaviours.
“Just as the science of fingerprints, DNA, and fiber analysis has become invaluable in criminal forensics, connecting the dots of a cyber attack can help identify even sophisticated threat actors — if researchers know what to look for,” said Aziz.
The report also noted that cyber attacks target both government and private organisations for a variety of reasons.
“It was thought that cyber espionage is only affecting the government; however, this is no longer true,” said Chong Rong Hwa, senior malware researcher, FireEye Singapore. “Through the profiling techniques mentioned in the ‘Digital Bread Crumbs,’ we have learnt that various Advanced Persistent Threat (APT) threat actors are interested in almost every agency and company across industries. They usually hack for competitive reasons, wealth creation, intelligence against an eventual target, or even disruption and destruction. It makes me realise that for each company that exists, there must be value in it.”