According to a BlackBerry report, the emergence of increasingly sophisticated cybercrime-as-a-service schemes shows that governments have the opportunity and the option to cooperate with hacking groups that can carry out attacks on their behalf.
These criminal groups provide malicious services such as phishing, malware, network breaches, etc. The hackers can spy on their targets, steal data and do whatever else governments ask of them, and of course they get paid for their services.
An advantage of using criminal groups is that the attacks cannot be linked to governments, since the hackers use their own infrastructure and techniques.
Therefore, states can conceal their activities and avoid being implicated in attacks that they themselves orchestrated.
The researchers used the hacking team Bahamut as an example to show how sophisticated criminal campaigns are.
According to a report by BlackBerry last year, Bahamut uses phishing techniques, social engineering, malicious applications, custom malware and zero-day attacks in campaigns targeting governments, private companies and ordinary users around the world. The hacking team was active for many years before it was revealed.
The researchers note that "the profiles and geographical location of the victims are too different to be linked to the interests of a single attacker", suggesting that Bahamut attacks on behalf of different customers.
Governments that are clients of the hackers may ultimately gain access to systems and networks, steal sensitive information and spy on their targets, while not being connected (at least directly) to the attacks.
"Identifying hacking teams can be difficult for researchers due to a number of factors, including infrastructure overlap, different targets, and unusual techniques," the report said.
Bahamut has continued to operate since its discovery, with hacking campaigns targeting government-related foreign and defense services across the Middle East. The team is also targeting South Asia, with attacks mainly related to smartphones.
Complete network protection is difficult, but there are many security practices which, if implemented, can reduce the chances of a successful breach. Regularly updating systems, training staff on threats, and implementing multi-factor authentication are some of them.