How Iranian Hackers Tricked their Prey


For years, Iran has been a leader in state-sponsored hacking, attacking governments and businesses across the world. While the Iranian government has demonstrated its advanced capabilities, other groups in the region have been able to operate without detection. Until now, the world was unaware of the power these cyber-terrorists had developed. This summer, security experts from TrapX, who were working for a military contractor, spent 18 days battling a team of advanced hackers trying to break into the contractor's network.

The hackers were believed to be Iranian but were using a tool-set created by a known Russian hacker that is typically circulated through Russian dark-net forums. Additionally, the web domains and email addresses used during the attack have Russian origins and continue to be used by a known Russian hacker. This type of attack is similar to one in 2015, where the hackers were able to shut down portions of Ukraine's power grid. There were also similarities to hundreds of other attacks that the Iranians attempted and executed.

During these attacks, hackers mimic internal IP addresses to try to enter a system undetected. Much of this code was identical to the code used in 2015. Although they didn't utilize the most advanced hacking methods, the team dedicated a lot of time to the planning and execution of their attack. Once the firm's experts detected an intrusion attempt, the criminals would lie in wait for their next opportunity.

The team defending the network was sure they could continue to protect against the code they had studied. However, during the last attempt to enter the system, the attackers utilized a groundbreaking new tool that was created to be encrypted and to evade typical methods of analysis. Understanding this new tool took the team of experts weeks. For the military contractor to win the battle, its team of cyber-security experts set up a bait network with fake information to lure the attackers in. Then, once the hackers were in the bait system, the experts could learn their behavior and set up a defense against it within the real networks.
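The two defensive ideas in the paragraphs above, catching packets that claim an internal source address but arrive from the Internet, and treating any contact with a bait (decoy) host as hostile, as an added Python example that is not TrapX's or the contractor's code. The firewall log format, the interface name wan0 and the decoy addresses are constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# RFC 1918 private ranges: a packet with one of these as its source must never
# arrive on the Internet-facing interface; if it does, the source is spoofed.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXTERNAL_IFACE = "wan0"  # assumed name of the Internet-facing interface

# Assumed decoy ("bait") hosts: nothing legitimate ever talks to them,
# so any connection to one of them is worth an alert.
DECOY_HOSTS = {ipaddress.ip_address("10.0.50.10"),
               ipaddress.ip_address("10.0.50.11")}

# Constructed log format: "<timestamp> iface=... src=... dst=... dport=..."
LINE_RE = re.compile(r"iface=(?P<iface>\S+) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

@dataclass
class Alert:
    kind: str
    src: str
    dst: str
    dport: int

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def analyze(lines):
    """Return one Alert per suspicious event found in the log lines."""
    alerts = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        dport = int(m["dport"])
        if m["iface"] == EXTERNAL_IFACE and is_internal(src):
            alerts.append(Alert("spoofed-internal-source", str(src), str(dst), dport))
        if dst in DECOY_HOSTS:
            alerts.append(Alert("decoy-contact", str(src), str(dst), dport))
    return alerts

# Constructed sample log: line 2 spoofs an internal source on wan0,
# line 3 is a workstation touching a decoy host.
SAMPLE_LOG = [
    "2017-06-01T10:00:01 iface=wan0 src=203.0.113.7 dst=10.0.1.5 dport=443",
    "2017-06-01T10:00:02 iface=wan0 src=10.0.1.20 dst=10.0.1.5 dport=445",
    "2017-06-01T10:00:03 iface=lan0 src=10.0.1.20 dst=10.0.50.10 dport=22",
    "2017-06-01T10:00:04 iface=lan0 src=10.0.1.21 dst=10.0.1.5 dport=80",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```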

Although the TrapX team had a successful defense method, this type of attack leads governmental and business organizations around the world to question their current defense methods. It is critical that all hardware and software are updated frequently to be able to thwart hackers, but there is no sure-fire way to protect an infrastructure. If you are interested in building a proactive response for your business, including a backup and disaster recovery plan, contact us today to get started!

The WannaCry Virus

Recently, a cyber-attack known as WannaCry held hostage hundreds of thousands of public- and private-sector computers running Microsoft software around the world. Computers were affected in more than 150 countries, making this the largest recorded ransomware attack. This virus is a form of ransomware, which encrypts files until a monetary ransom is paid. Often, these ransoms will double after a certain period of time, and if they are not paid within the set time, all of the files will remain encrypted. Once the ransom is paid, a key is provided that will unlock the files. In this case, the requested ransom was around $300.

Victims of these attacks include a healthcare company in Britain, where patients had to be turned away from more than 36 hospitals, doctor’s offices, and ambulance companies. Thankfully, patient data was not compromised during this attack. In Russia, the Interior Ministry’s computers were frozen. In the United States, FedEx became a target.

These types of attacks are usually triggered by malicious attachments in emails that are designed to mimic legitimate sources. Microsoft was aware of this vulnerability and had released software updates to protect customers from these types of attacks. However, many people have outdated software, which left them vulnerable. The total amount victims paid has yet to be reported.

It is rumored that the tools behind this attack originated with the N.S.A., based on comments made when the tools were posted online prior to the attack. A group that identifies itself as the "Shadow Brokers" claimed that the numerous hacking tools they posted online were stolen from the U.S. Government. These tools targeted firewalls, anti-virus programs, and Microsoft products. This is especially concerning because the N.S.A. is taxpayer funded. The N.S.A. has denied this allegation, but some sources claim that former officials have suggested the content looks similar to other N.S.A. documents.

The United States has used cyber-attacks against other governments in the past and it is known that they have classified information on these types of vulnerabilities. Former President Obama’s administration developed a process to determine which of these vulnerabilities should be kept in a classified setting and which ones should be reported to the companies so they can be fixed.

Our team strives to provide prompt, cloud-based updates to our customers so that their software is always up to date. We also employ both network security and email filtration measures in order to further reduce the risks of these types of attacks. If you are curious about how we have helped protect other companies or are ready to trust us with your technical security, contact us today to get started.