[Records Exposed: Undisclosed | Industry: Government and Energy | Type Of Attack: Spear Phishing, Malware, Brute Force, Zero-Day]
The Russian Hacker group Fancy Bear poses an ongoing threat to the 2020 United States election. Known to sow discord and confusion through misinformation campaigns, the FBI warns that Fancy Bear has been ramping up their activity since May of 2020—now a mere three months before Americans hit the ballot box.
Global intelligence agencies maintain a fair amount of confidence that Fancy Bear is part of or works with Russia’s GRU. Translated, GRU is the Organization of the Main Intelligence Administration. It is an unofficial title shrouded in an air of secrecy. Dangerous GRU cyber activity victimizes countries across the globe for political power. Specific to the US, GRU was responsible for the DNC hack-and-leaks that resulted in a an extremely toxic misinformation campaign.
Fancy Bear also goes by APT28, where the APT stands for Advanced Persistent Threat. Indeed, it appears that Fancy Bear is persistently and relentlessly targeting the United States again. According to Wired, In May, the FBI informed victims from specific US-based organizations that they were targets of a Fancy Bear hacking campaign that started in December of 2018 and appears to be ongoing.
The FBI remains tight-lipped about the number of victims, amount of compromised data, and names of the affected organizations. In its statement to this round of Fancy Bear victims, the FBI confirms that “a wide range of US-based organizations, state and federal government agencies, and educational institutions,” were among those compromised. The notification also indicates that the energy sector was also a target. While it is important to note that the intent of these attacks is yet unknown, Russia’s power struggle and antagonistic nature with the United States continues.
Russia is known for its psychological warfare strategies including blackmail, misinformation campaigns, and even the tampering of utilities, which went so far as to lead to blackouts in Ukraine in 2015. If election tampering is the end game of Russia’s latest cyber mission, messing with the United States energy grid could prove disastrous.
Fancy Bear utilizes a number of strategies to gain access to internal information including spear phishing and malware, zero-day, and brute force attacks. These attacks mainly target enterprise email servers and personal and professional email accounts. Security firm FireEye believes that many of the victims’ credentials were stolen, as opposed to spear phished, due to the lack of malicious software found on the compromised systems. With stolen credentials, hackers simply log on as a verified user and navigate corporate networks as an employee would. Such a tactic easily evades detection from traditional cyber security methods.
Perhaps the best lesson learned from these recent developments is that hackers are always one step ahead. The 2016 election tampering utilized basic cyber insecurity structures such as governmental officials using personal email. Forgotten software patches were responsible for another set of compromises. Yet another vulnerability stemmed from users’ desire to access systems conveniently, which often meant disabling tedious security standards like MFA.
Here we are again, four years later, and it appears that Fancy Bear is preying on much the same weaknesses they did the last time, using the same tried and true hacking methods. Perhaps it is time that organizations go beyond optional security protocols and education as its main form of cyber security.
In order to ensure safety despite an organization’s weakest link, consider:
- Protecting personal email accounts – As the line between personal and professional accounts blur, a fact that is increasingly true during these new COVID-19 days of work-from-home, organizations may want to consider extending its heavy-duty security software to personal accounts as well.
- Prioritizing data – It is impossible to install an end-to-end fix-it-and-forget-it cyber security strategy. It is also impossible to protect everything from everyone all of the time. That’s why a strong cyber security strategy includes prioritizing the most important company data. Once that information is identified, it can then benefit from extra protection methods such as network segmentation and strong authorization and authentication.
- Holistic incident response – It isn’t enough to simply know how a hacker got in. Once inside, hackers gain access to all sorts of systems, covering their tracks as they go. In order to remove all access points from the hacker and to seal up all vulnerabilities they made and/or discovered along the way, an incident response needs to be holistic. In most cases, this involves hiring outside organizations who excel in this type of work. As always, notify the FBI at the very first sign of a data issue.
Read More: Incident Of The Week