Targeted phishing attacks are here to stay, says Kaspersky

Kaspersky Lab released its predictions for 2019 last week, with spear phishing highlighted as a top threat for businesses and consumers.

During a webinar on Thursday, researchers from the cybersecurity firm discussed which of the biggest stories of 2018 they perceive to be an ongoing hazard in the upcoming year.

Although it’s nearly impossible to predict the future shape of the threat landscape with any certainty, Kaspersky Lab’s top 10 predictions for 2019 include the lack of new Advanced Persistent Threats (APTs), advanced supply chain attacks, advanced hardware malware, and spear phishing.

“You’re never sure what will happen,” said Vicente Diaz from Kaspersky Lab’s global research and analysis team.

“But this is more or less what we see to be related to what we’re seeing now, or maybe in the next evolution.”

Targeted attacks

Spear phishing, a tried and tested formula, sees hackers targeting an individual or employee with a specially-crafted phishing message in the hopes of gaining access to their systems.

And it remains one of the most successful attack methods in use today, almost 10 years after the first reported case, because some APT groups continue to rely on it.

An APT is a group that conducts large-scale computer network attacks while remaining undetected for an extended period of time.

State-sponsored actors have long been associated with APTs, most commonly Kremlin-backed hackers and Chinese spies.

Diaz said: “You may be asking why we’re talking about spear phishing, it’s something that has been around for as far as I can remember, but what’s new here?

“Well, we want to remind everybody that this is still probably the most successful infection vector or method the APT groups are using.

“So what’s new here? What’s new is unfortunately during the last year, we saw some big social networks being attacked and leaking a high amount of data.

“This data has already reached some underground marketplaces at this moment… there are actors interested in that for sure.”

He added: “The more information you have about your victim, the easier it is. We already make a lot of information about ourselves public on social networks but in the case of when their credentials or even private messages are leaked, attackers are buying this information and can use this to their benefit.”

These APTs are usually given a colloquial name to easily identify them – examples include Cozy Bear (Russia), Sofacy or Fancy Bear (Russia), UPS Team (China), and Lazarus, thought to be from North Korea.

While these groups continue to surface year on year, Kaspersky believes they are old hacking groups rebranded under new names.

“We have also seen the re-emergence of some forgotten APT groups – the Cozy Bear APT, also known as APT29, which may have become famous because of the hack of the DNC (Democratic National Committee) together with Sofacy, which are two of the APT groups which succeeded in penetrating the DNC,” said Diaz.

“At the same time we’ve seen the reactivation of some Chinese-speaking APT groups. So the Obama cyber agreement from a couple of years ago is now pretty much over, and groups that had disappeared are now active again.”

Attacking the supply chain

Earlier this year, Bloomberg Businessweek published a report accusing Chinese spies of inserting chips into Super Micro motherboards.

Super Micro, which supplies hardware to some of the world’s biggest tech companies, denied it had allowed the Chinese government to perform the supply chain attack, while its customers also spoke out against the story.

Costin Raiu, also from Kaspersky Lab’s global research and analysis team, explained: “We know that at least some parts of the story do not appear to be true, so for instance, Apple and Amazon have denied that such hardware was found in their companies, and I believe there’s no reason to doubt their statements.”

“But also, how serious and how worrying are actual hardware supply chain attacks? Of course, in general, supply chain attacks are not something new and they’ve been around for quite a while.

“Truth be told, pretty much all big organizations have some kind of mitigation or set of mitigation strategies for supply chain attacks.”

He added: “The difficulty of implementing these kinds of attacks is quite high, and there are probably easier ways of achieving the same purpose.”
