The evolution of the threat landscape is proving difficult to handle for those who are ill prepared for this rapid transformation in technology. Malicious actors now offer hacker-for-hire services to the world, which creates a hindrance for organizations of all kinds, but it is most severe for SMEs that are not equipped well enough to see through this transformation brought on by APTs.
Driven by the public release and commoditization of APT-like TTPs, the number of mercenary groups offering hacker-for-hire services has increased over the past few years and has become a growing trend. It is rumored that some nation-states have also given in to this trend and hired cybercriminals from these hacker-for-hire camps to conduct intelligence operations. Subsequently, those hackers learn sophisticated APT-like TTPs that can be leveraged in their criminal activities.
APTs-as-a-service appears to be the latest trend, after malware-as-a-service and ransomware-as-a-service. Mercenary groups offer hacker-for-hire services and market their capabilities to the highest monetary bidder who wants to control the financial market or spy on their rivals.
Key players in the market:
- Evilnum, which is known for targeting fintech companies, has now started offering APT-like hacker-for-hire services to other organizations. The attackers abuse Windows systems by impersonating legitimate programs via a new Python-based RAT.
- In August, the systems of an architecture firm were compromised by a threat actor rendering sophisticated hacking services to customers looking for internal financial information and negotiations about big-budget contracts. The threat actor used a malicious plugin for Autodesk 3ds Max, the software used to create professional 3D computer graphics.
- Smaller financial institutions and law firms are being targeted by DeathStalker, a hacker-for-hire group that is expanding its cyberespionage operations. Its espionage efforts are driven by spear-phishing emails enclosing malicious scripts in Microsoft Word documents.
- According to researchers, corporate espionage has been the focus of the APT group called RedCurl, which seems to be operating under the hacker-for-hire model. Its tactics involve launching spear-phishing campaigns that deploy customized malware; the group often employs a trojan downloader, a password extractor, and Windows PowerShell scripts.
Organizations that don’t have APTs in their threat models need to be prepared for such attacks by mercenary groups. They should think beyond security solutions that detect only malware and focus on augmenting their security stack with visibility tools at the network layer and on endpoints. They should perform threat hunting on suspicious incidents and reassess their security infrastructure.