A distinction can no longer be drawn between state-backed hackers and organised cyber crime gangs, according to a new report from FireEye.
In its 2017 M-Trends report, the online security firm observes that organised cyber criminals are now equally as sophisticated as government-supported hackers, and that businesses are losing the fight against both groups.
“When it comes to attack trends, we are seeing a much higher degree of sophistication than ever before,” the report says.
“While nation-states continue to set a high bar for sophisticated cyberattacks, some financial threat actors have caught up to the point where we no longer see the line separating the two.
“Financial attackers have improved their tactics, techniques, and procedures (TTPs) to the point where they have become difficult to detect and, challenging to investigate and remediate.”
The study found that while organisations around the world are becoming better at identifying breaches, defensive capabilities have been slow to evolve, with both victim organisations and the online security industry still lacking fundamental controls and capabilities to prevent attacks or minimise the consequences of compromises.
Commenting on the report’s findings, Chris Nutt, Managing Director at Mandiant, a FireEye company, said: “The types of attacks we are seeing are familiar, but with increasing sophistication. Determined attackers are extremely persistent and demonstrate increasing ingenuity in achieving their objectives. Organisations still need to focus on the fundamentals of IT security.”
As well as deploying phishing emails that have become almost indistinguishable from authentic messages, the study found cyber crime actors are increasingly calling companies by phone to con staff members into enabling macros in the compromised documents they send, allowing malicious payloads to be deployed.
“In 2016 we saw cyber attacks spread widely and publicly into areas such as elections and attackers became more sophisticated,” commented Stuart McKenzie, Vice President of Mandiant at FireEye.
“There is still much to do as attackers only need a few days to complete their objectives.”
The study was published after UK law enforcement agencies warned that hackers are targeting British businesses by imitating nation state-style attacks.
In their first joint report, the National Cyber Security Centre and the National Crime Agency (NCA) said that organised criminal groups are emulating the methods used by state-sponsored hackers to attack financial institutions.
The study notes that the lines between government-backed hackers and organised cyber crime gangs is continuing to blur, with actors from both groups learning from one another and in some cases sharing resources.
Donald Toon, Director for Economic and Cyber Crime at the NCA, commented: “These threats demonstrate the need for a collaborative response across industry, law enforcement and government, with the ultimate aim of protecting customers and the UK economy.”