False flags making it harder to find root of cybercrime

Hackers are using falsified information to throw security researchers off their trail

Fake timestamps, language strings and malware are increasingly being used by cybercriminals to shake security researchers and investigators off their scent, Kaspersky Lab has revealed.

Those who plant malware and other malicious files are increasingly using false flags to hide their identity, meaning it's almost impossible to identify the hacker groups.

Kaspersky Lab explained how timestamps can be easily changed by cyber criminals to avoid researchers uncovering which timezone they are working from, for example, while mixing language markers - such as language proficiency and mixed language metadata - can confuse those trying to find the criminal.

Another way to confuse researchers trying to pin down malicious actors' location is by purposefully failing internet connections, making it appear as though they are working from another territory.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

By varying the types of target, hackers are able to remove a pattern to their attack, which again makes it much harder for anyone to work out a motive. The criminals who launched the Wild Neutron attack, for example, had such a varied victims list but no pattern could be established. Threat actors can also pretend to be other hacking groups to remove any certainty.

"The attribution of targeted attacks is complicated, unreliable and subjective and threat actors increasingly try to manipulate the indicators researchers rely on, further muddying the waters," Brian Bartholomew, senior security researcher at Kaspersky Lab, said.

"We believe that accurate attribution is often almost impossible. Moreover, threat intelligence has deep and measurable value far beyond the question who did it'. There is a global need to understand the top predators in the malware ecosystem and to provide robust and actionable intelligence to the organisations that want it that should be our focus," Bartholomew added.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020