False flags making it harder to find root of cybercrime
Hackers are using falsified information to throw security researchers off their trail
Fake timestamps, language strings and malware are increasingly being used by cybercriminals to shake security researchers and investigators off their scent, Kaspersky Lab has revealed.
Those who plant malware and other malicious files are increasingly using false flags to hide their identity, meaning it's almost impossible to identify the hacker groups.
Kaspersky Lab explained how timestamps can be easily changed by cyber criminals to avoid researchers uncovering which timezone they are working from, for example, while mixing language markers - such as language proficiency and mixed language metadata - can confuse those trying to find the criminal.
Another way to confuse researchers trying to pin down malicious actors' location is by purposefully failing internet connections, making it appear as though they are working from another territory.
By varying the types of target, hackers are able to remove a pattern to their attack, which again makes it much harder for anyone to work out a motive. The criminals who launched the Wild Neutron attack, for example, had such a varied victims list but no pattern could be established. Threat actors can also pretend to be other hacking groups to remove any certainty.
"The attribution of targeted attacks is complicated, unreliable and subjective and threat actors increasingly try to manipulate the indicators researchers rely on, further muddying the waters," Brian Bartholomew, senior security researcher at Kaspersky Lab, said.
"We believe that accurate attribution is often almost impossible. Moreover, threat intelligence has deep and measurable value far beyond the question who did it'. There is a global need to understand the top predators in the malware ecosystem and to provide robust and actionable intelligence to the organisations that want it that should be our focus," Bartholomew added.
Preparing for long-term remote working after COVID-19
Learn how to safely and securely enable your remote workforceDownload now
Cloud vs on-premise storage: What’s right for you?
Key considerations driving document storage decisions for businessesDownload now
Staying ahead of the game in the world of data
Create successful marketing campaigns by understanding your customers betterDownload now
Solutions that facilitate work at full speedDownload now