Over the years, more and more advanced cyber threats appear. Many times state hackers do cyber attacks, with the ultimate goal of gaining their countries. But where do they focus more on their attacks? Now, government hackers are focusing more on stealing credentials than stealing money. But why is this happening?
Speaking to Virtual Update, Jens Monrad, head of MandE Threat Intelligence EMEA at FireEye, focused on attacks by Russia, Iran and China, as well as in the various activities of these countries. Monrad said the attacks were easy because of the user's common digital fingerprint, which could allow an attacker to snatch items related to the victim and use them in a script. social engineering.
He also explained how the detection malware by FireEye focuses on stealing credentials and stealing information, no matter what the motive for an attack - if one can steal or buy stolen credentials - it will make "less noise" in the business. Credentials can vary - from anything that requires a username and password access, up to databases or access to in cloud environments.
Monrad also pointed out that from the perspective of cybercrime or even as part of the nation-state campaign, the purchase of these credentials can enable one to quietly invade a system. If it is a cybercriminal who develops ransomware after a breach, this will ensure the success of his invasions.
This is why Mandiant focuses on stealing credentials, as it considers it a challenge for organizations to control their credentials, track stolen credentials and ensure that they use the best password guidance and enforcement. MFA.
Asked if the company's investigation had taken into account countries directly targeting money laundering during their cyber-attacks, such as North Korea, Monrad acknowledged that where North Korea was involved, the goal was direct monetary gain.
He added that there are still purely "financial attacks", while more typical cyber attacks are carried out, in which the attacker tries to earn large sums of money, but the biggest game with the theft of credentials is now common, and from the perspective of cybercrime, The value of money laundering attacks is declining as cybercriminals gain more by selling access to desktop, rather than aiming at direct theft of money.
Finally, Monrad said that this shift in focus from money laundering to credentials theft is largely observed, with the exception of North Korea, noting that hackers are more interested in interacting with banking systems and mechanisms. and specifically with the system SWIFT, for example.