Organised cybercrime is now as sophisticated as any government-backed hacking group -- and businesses are losing the fight against both.
Cybercriminal groups are more organised than ever. Many of the most sophisticated groups operate as if they were a legitimate internet software company -- and they're rivalling the capabilities of even the most highly drilled state-sponsored hacking group. The distinction between state-sponsored actors and hacking gangs no longer exists.
"While nation-states continue to set a high bar for sophisticated cyberattacks, some financial threat actors have caught up to the point where we no longer see the line separating the two," warns the new 2017 M-Trends report by cybersecurity researchers at FireEye.
"Financial attackers have improved their tactics, techniques, and procedures (TTPs) to the point where they have become difficult to detect and, challenging to investigate and remediate."
These financial attackers are so focused on their objectives and so skilled and resourced that they're able to build custom backdoors with a "unique configuration for each compromised system", the report warns.
This further increases the resilience of cyberattacks and malware, and makes it harder for even the most advanced forensic techniques to track what has happened when malicious activity is discovered.
The advanced nature of these cybercriminal tactics means that organisations are struggling to keep up with the latest hacking threats, with researchers stating how defensive capabilities have been "slow to evolve and respond".
Many organisations are "still lacking fundamental security controls and capabilities to either prevent breaches or to minimize the damages and consequences of an inevitable compromise", the report warns.
One of the methods cybercriminal actors are using to infiltrate targets is phishing emails which have become almost indistinguishable from a real message as attackers customise their emails to a specific client, location, or employee.
Attackers are even willing to take a hands-on approach with specific victims in order to gain entry to a target network. The report notes instances where hackers have phoned targets in order to help them enable macros in a phishing document, so as to allow malicious payloads to be deployed.
While potential hacking in the recent US election has received much attention, the FireEye report argues that EMEA is particularly vulnerable to cybercriminal interference. It says Russian-backed hackers may be trying to influence elections throughout the European Union -- a claim which NATO has also made.
"In 2016 we saw cyberattacks spread widely and publicly into areas such as elections and attackers became more sophisticated," says Stuart McKenzie, vice pesident of Mandiant at FireEye. "There is still much to do as attackers only need a few days to complete their objectives."
READ MORE ON CYBERCRIME
- New wave of cyberattacks against global banks linked to Lazarus cybercrime group
- Cyber thieves rob another bank by hacking into Swift financial network [CNET]
- Cybercrime gang uses Google services for malware command and control
- How banks fight back against cyberattacks [TechRepublic]
- Cybercrime and cyberwar: A spotter's guide to the groups that are out to get you