From Fancy Bear to Lazarus: Who are the major global hacking groups?

19 Feb 2018

The Fancy Bear hacking group apparently operates out of Russia. Image: kryzhov/Shutterstock

Global hacking organisations and record vulnerabilities for Microsoft feature in this week’s cybersecurity digest.

Researchers last week discovered a bug in Apple’s latest OS update that caused apps to crash when a Telugu character was displayed. A fix is expected before the release of iOS 11.3.

Over at Google, Chrome is ordering websites with annoying and intrusive ads to shape up or face ad filtering, and opinion is divided on whether that is good or bad news for users and advertisers alike.

Meanwhile, media company Salon wants to use readers’ processors to mine cryptocurrency.

So, what else is going on in the world of infosec?

Fancy Bear and Lazarus

It’s no secret that many major cyberattacks have geopolitical motives behind them. But who are the entities behind these chaotic events? From North Korea’s Lazarus Group to APT35 – believed to operate out of the Middle East – DarkReading has a guide to the kinds of attacks each group is known for, as well as their primary targets.

Comodo Threat Research Labs recently released a report showing correlations between major geopolitical events and spikes in malware instances around the world, so it’s likely we will keep seeing these names in future.

Belgian court tells Facebook: ‘Stop collecting user data’

Last Friday (16 February), a Belgian court ruled that Facebook had broken privacy laws by tracking users on third-party websites. The court said the company “informs us insufficiently about gathering information about us, the kind of data it collects, what it does with that data and how long it stores it. It also does not gain our consent to collect and store all this information.”

Facebook was ordered to delete all the data it gathered that was deemed to have been obtained through illegal means, but the company intends to appeal, saying the cookies and pixel tracking on third-party sites are “industry-standard technologies”.

Google-Nest merger sparking privacy worries

Google purchased smart home accessory firm Nest several years ago and, although privacy experts had initial concerns, the business was run under Alphabet and data was not collected by wider Google business units.

This looks set to change, as Nest CEO Marwan Fawaz said Nest and Google Hardware’s teams will now be working together to “supercharge Nest’s mission” after a lacklustre performance from Nest since it was acquired.

Big Brother Watch group director Silkie Carlo raised concerns over the development: “Adding data from Nest’s home sensors and security cameras will significantly expand Google’s monopoly on personal data.”

Microsoft vulnerabilities reached a record high in 2017

Microsoft vulnerabilities have more than doubled since 2013, and 2017 saw the largest year-on-year increase in vulnerabilities by volume, with 685 reported compared to 2016’s total of just 451. Incidents involving Microsoft Office increased by a massive 89pc and Microsoft browser vulnerabilities increased 98pc since 2016.

The 2017 Microsoft Vulnerabilities Report from Avecto also gave enterprises advice on how best to protect themselves from these risks.

Siemens, IBM and others sign major cybersecurity and critical infrastructure charter

Nine major firms have signed a charter of trust and agreed to pioneer independent certification schemes for infrastructure. NXP, SGS, Deutsche Telekom, Siemens, Airbus, Allianz, Daimler Group, IBM and the Munich Security Conference have all signed the charter, which calls for dedicated cybersecurity ministries in governments as well as mandatory CISOs at companies.

Siemens CEO Joe Kaeser said: “Confidence that the security of data and networked systems is guaranteed is a key element of the digital transformation. That’s why we have to make the digital world more secure and more trustworthy.”

Hackers jailed for decade-old breach that cost $300m

In 2009, Heartland Payment Systems announced that its processing systems had been breached the year before, with hundreds of millions lost by corporate victims. Heartland was the biggest card data breach at the time, but it was in fact part of a global hacking scheme.

Last week, Vladimir Drinkman and Dmitriy Smilianets – members of the hacking ring responsible – were sent to federal prison in New Jersey, almost a decade after the event itself. A simple SQL injection caused the havoc all those years ago.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects
