Sophisticated cyber gang targeting corporates uncovered


Three UAE companies among group's 49 targets in 20 countries

by Bernd Debusmann Jr.


Published: Thu 9 Jul 2015, 6:33 PM

Last updated: Fri 10 Jul 2015, 1:41 AM

Dubai - Experts have discovered a sophisticated new cyber espionage group that has launched attacks in 20 countries, including the UAE, the technology company Symantec announced on Wednesday.
The group - which Symantec has called 'Morpho' - has launched at least 49 ambitious cyberattacks on large corporations, among them multi-billion dollar companies in sectors as diverse as commodities trading, pharmaceuticals and technology. Three of the targeted companies are located or headquartered in the UAE.
The group uses a host of custom-designed malware and has successfully exploited zero-day vulnerabilities, which are previously unknown weaknesses that have no available solution.
Gavin O'Gorman, an intelligence analyst with Symantec's Security Response team, said the group's ability to conduct such attacks is a sign that it has considerable resources at its disposal.
"That indicates the capability of the attackers is something unique," he said. "To use something like that, you'd need a lot of money to buy that exploit, because they are so valuable. It's something that allows the attacker to get into any number of different victim companies."
In the past, hacking groups, some state-backed, have paid up to hundreds of thousands of dollars for information on 'zero-day' vulnerabilities in computer systems. In 2013, for example, Forbes reported that some zero-day exploits were selling for as much as $250,000, and the New York Times reported that one sold for $500,000.
O'Gorman said Symantec believes the group is likely using its attacks for insider trading purposes. "We think they are looking for information, essentially insider information, which can then be used to make money in the stock market," he said. "They seem to be going after companies that have been publicised, that they know there is going to be information there that they can make money through insider trading."
Among the items specifically sought out by the hackers are internal company e-mails and content management systems which often contain financial records and policy documents. In one notable incident, the group hacked into a system monitoring a company's CCTV and swipe card system, allowing it to track the movement of people around buildings.
"They are certainly very organised. They are very good at maintaining their security. We didn't get any hint as to who they actually really are," O'Gorman said. "That can be very difficult to do. You need to be very careful and very consistent in your security when you're doing this. From that point of view, they are far more capable than most of the e-crime attackers we come across."
To avoid falling victim, Symantec recommends that companies make sure that browsers and security software are up to date and that employees follow good internet security practices, such as only going to secure websites.
O'Gorman said it is likely that such attacks will increase in the future.
"If it is the case that these guys are hacking for insider trading, I suspect that this is going to start happening a lot more," he said. "It's very difficult to actually know who the attackers are and also identify how they are making their money. The stock market is a very easy way to mask how you make your money. I suspect other attackers will follow in the footsteps of these guys."
bernd@khaleejtimes.com

