The Cybersecurity War Continues: Black Hats vs. the Red Team
March 28, 2020 | 4 minute read
Organized cybercrime is undoubtedly on the rise. Ideological hackers, such as Anonymous and the Syrian Electronic Army, have proved their ability to mobilize quickly and to gain access to botnets and other resources, resulting in cyber attacks that only grow in sophistication.
It has come to the (frightening) reality that 80% of black-hat hackers are affiliated with organized cyber crime.
Who can stand up to the black-hatted perpetrators? What does it take? Is there anyone out there (that can)?
Akamai said it first: hacktivism is thriving. Hacktivists worldwide share the same incentive to use sophisticated attack tools, and their presence around the globe is both enabled and fostered by online platforms such as social media.
They’re determined to hacktivate, and our hyperconnected cyberspace gives them the support they need.
They make it happen: by gaining access to botnets and the resources they need, they launch cyber attacks again and again.
Through protest, revenge, and of course, propaganda, hacktivists are (aiming and) rising high.
Cybersecurity Battles, Bank vs. Hacktivists Battles
SWIFT, the global financial network that banks use to transfer billions of dollars every day, was exploited by hackers to gain access to banks and execute fraudulent transfers of mammoth amounts.
True, the SWIFT network is remarkably innovative, and it was built to uphold a firm security posture.
At the same time, this is a rare yet critical incident, because the amounts alone aren’t the only thing that keeps us (and frankly, the hackers, too) up at night. It’s the hackers’ materializing goal: to reach an estimated 11,000 banks.
To name a few:
Between the 4th and 5th of February, the Bangladesh Bank cyber-heist kicked off. The results were gruesome: $81 million was fraudulently transferred from the US Federal Reserve in New York to the bank accounts of four different men in the Philippines.
As a matter of fact, and to its misfortune, the Philippines is considered by many to be a cyber crime hotspot.
True, the intended (and highly possible) amount to be stolen was actually $951 million. But let’s be frank: $81 million is still (much) more than anybody would want to lose.
How Organized Crime Made the Heist Happen
The hackers used a ‘Remote Access Trojan’, which is in fact bespoke spyware for the Bangladesh Bank system, designed to pull off the APT that gave them the credentials for payment transfers, along with remote control over Bangladesh Bank’s computer system, and ultimately to send almost three dozen (fraudulent) payment requests to the Federal Reserve.
The cyber-heist made the cut: deep into the cutting-edge SWIFT technology.
Once they had access to the computer system, the hackers sent through all of these transfer requests. The first four requests went through, but when it came to the fifth one, a force of cyber awareness struck, and the fraudulent efforts were suddenly sniffed out.
The fifth request was sent ‘on behalf’ of “The Shakila Foundation”, a (fake) Sri Lankan NPO.
But the suave criminals didn’t even notice their own typo: they wrote ‘fandation’ instead of ‘foundation’.
Luckily enough, the spelling error caught the attention of an employee at Deutsche Bank, who then sent a clarification request to verify the identity of the suspicious request’s sender.
This fifth-attempt failure is what explains why $81 million of the $951 million was stolen, a theft which the Guardian calls “one of the largest known bank thefts in history”.
The aftermath doesn’t look pretty, either. Bangladesh Bank officials themselves have admitted that it may take them at least two years to recover, if that.
Organized Crime Goes Beyond SWIFT
But the risk posed by hacktivists isn’t only a matter of technology; it’s a matter of preparedness, and of preventing the worst by expecting, well, the worst.
Bank of England
“We Must Strike at the Heart of the Empire”
Organized crime (including, but not limited to, hacktivism) extends beyond the places coined ‘cyber crime hotspots’, where organizations like Comelec have fallen victim.
Most recently, the hacktivist group ‘Anonymous’ made its way to the British banking scene and managed to shut down the Bank of England.
This time, the hacktivists (read: Anonymous) started their campaign with “Operation Icarus: Shut Down the Banks”.
Anonymous kicked off this campaign with a video, “Shut Down the Banks”.
One reason stated by Anonymous in this video was “we must strike at the heart of their empire”, meaning the powerful institutions, such as banks, that keep society running, but more so, that use confidentiality to mask their ‘coalition of corruption’.
In their kick-off, Anonymous seeks to empower “the freedom of information...the free and open exchange of ideas…” This would be made possible by intercepting the “system centered within the NYSE and the Bank of England (BOE)”, which is exactly where they started: they shut down the BOE.
Between May 12 and 13, Anonymous performed a DDoS attack on the BOE, which caused the bank’s internal email server, mail.bankofengland.co.uk, to shut down.
Not much is confirmed about the non-fictional Bank of England shutdown. Until then, there’s still much to discuss.
“When Falls the Bank of England, England Falls”
This isn’t the first time that the Bank of England has had a dramatic shutdown. In fact, it happened in the past, long before cybersecurity was a growing risk, or, to be more precise, before cybersecurity even existed.
And this time, there’s crisp video content on the matter:
There are a few differences between this BOE shutdown and the one that Anonymous pulled off:
It takes place in 1910, and was caused by two regular children, Jane and Michael Banks, who came to the Bank of England one day with their father while their nanny, Mary Poppins, took the day off.
Yes, it’s true: the Mary Poppins scene is fictional, but as history has shown, it can, does, and will happen.
Walt Disney may or may not have been consciously giving us a glimpse into the future, using his storytelling to send subliminal messages (now that we mention it, Disney’s words “when falls the Bank of England, England falls” sound a lot like Anonymous’s punchline: to “strike at the heart of the empire”).
The only difference is that Anonymous is warning us against the perils of capitalism and governance, as they seek to do in Operation Icarus.
All that being said, there is at least one force we have now that didn’t exist at the turn of the twentieth century: An Automated Red Team.
How Automated Red Teams Defy Hacktivists
Automated red teams, or, as we call ours, our CyberOPS team, act on the assumption that no organization is merely a possible cyber attack target. Every organization will become a target; it’s only a matter of when.
This is exactly the forte of Cyber Posture Paul, our solution for Cyber Posture Management.
To be exact, Paul is our Cyber Posture Physician, on the job to continuously assess your cybersecurity posture.
Paul simulates complex attack scenarios, such as APT attacks, spear phishing, espionage, data theft, account takeover, and DDoS.
He does this by executing technology and services that test your organization’s controls, your employees’ awareness, and your internal processes for detection, prevention, and response.
Paul continuously maps and analyzes your attack surface, and allows you to orchestrate complex attack scenarios against your organization.
Collectively, Paul’s simulators validate each organization’s awareness, efficiency, and maturity across all stages of the cyber ‘Kill Chain’, and test how quickly it detects and responds to attacks.
This collective approach is a perfect match for organized crime, and especially for hacktivists, who thrive on their networking abilities to act as a unified, omnipresent force.
Paul’s simulation enables every organization’s cyber readiness to be continuously measured and monitored, all from the perspective of a hacker.
Finally, organizations have visibility into where their weaknesses lie.