False flags making it harder to find root of cybercrime

Hackers are using falsified information to throw security researchers off their trail

Fake timestamps, language strings and malware are increasingly being used by cybercriminals to shake security researchers and investigators off their scent, Kaspersky Lab has revealed.

Those who plant malware and other malicious files are increasingly using false flags to hide their identity, meaning it's almost impossible to identify the hacker groups.

Kaspersky Lab explained how timestamps can be easily changed by cyber criminals to avoid researchers uncovering which timezone they are working from, for example, while mixing language markers - such as language proficiency and mixed language metadata - can confuse those trying to find the criminal.

Another way to confuse researchers trying to pin down malicious actors' location is by purposefully failing internet connections, making it appear as though they are working from another territory.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

By varying the types of target, hackers are able to remove a pattern to their attack, which again makes it much harder for anyone to work out a motive. The criminals who launched the Wild Neutron attack, for example, had such a varied victims list but no pattern could be established. Threat actors can also pretend to be other hacking groups to remove any certainty.

"The attribution of targeted attacks is complicated, unreliable and subjective and threat actors increasingly try to manipulate the indicators researchers rely on, further muddying the waters," Brian Bartholomew, senior security researcher at Kaspersky Lab, said.

"We believe that accurate attribution is often almost impossible. Moreover, threat intelligence has deep and measurable value far beyond the question who did it'. There is a global need to understand the top predators in the malware ecosystem and to provide robust and actionable intelligence to the organisations that want it that should be our focus," Bartholomew added.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/operating-systems/microsoft-windows/354739/windows-7-bug-blocks-users-from-shutting-down-their-pcs
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020
Visit/hardware/354723/coronavirus-starts-to-take-its-toll-on-the-tech-industry
Hardware

Coronavirus starts to take its toll on the tech industry

6 Feb 2020