A perception of hackers that many of us have: A person in a dimly lit room in a basement in lower northeast Kaliningrad (Russia) with a Russian Bear energy drink (yes, a real thing, no Russian links in this column though) in hand.
This person has a bank of computers and gigantic monitors in front of them and uses complex tools and hacking techniques to break into our nation’s computer systems.
This visual would be incorrect; I would wager that half the hacking attempts are perpetrated by some guy or gal on the phone or web with limited programming or hacking skills.
Most computer criminals these days are just con artists who use online cybercrime kits they purchase on the dark web. Or, as we will review today, there is an emerging trend in which U.S.-based hackers are not just buying a hacker toolbox but partnering directly with cyber gangs overseas.
The Caesars Entertainment attack this month, for example, appears to be this kind of collaboration. A group of American teenagers looks to have joined up with a Russian cyber gang, and together they talked their way into their victim’s network. They pulled this off by calling tech support and claiming to be an employee of the company who needed a password reset.
This approach is called “social engineering,” and it works as follows. The hackers identify their target company (MGM) and then find some staff who work there. This is accomplished through a LinkedIn, Facebook or broad internet search.
Then they find the IT support phone number, which could be as easy as calling the front desk and asking for IT, and then the con goes operational.
The hackers say something like this: They are BOB SMITH, and they are on vacation (because the Facebook pix that Bob posted at Wally World are all over the place). They say they work in marketing and must get a proposal out for a new property in Taos (referencing real work for the casino found in the news). Could the IT person reset and provide a new password?
Most IT departments would flag this, but this one (it appears) did not. They provided the hacker impersonating a real employee with a new password.
The hacker then launched a payload of ransomware (provided by their Russian partner), and the company has still not fully recovered from the attack. If you thought the war against hackers was getting better, it is not.
According to the GetAstras blog, March 2023 saw a 91% hike in the number of ransomware attacks from February and a 62% increase from March 2022. Cybersecurity analysts recorded 459 ransomware attacks in March, setting a record.
The “Industrials” sector took 147 of these attacks, amounting to 32% of all attacks in the month.
You might be wondering, with businesses of all sizes running email attack simulations, training their staff on cybersecurity and rolling out advanced threat protection tools, how could this be happening? The Caesars example is a big reason. The Russian hackers have identified a barrier to success and have overcome it, just like a normal business. They recognized that language barriers in emails and on the phone made their attempts to defraud us easy to spot.
If you get an email that says “This is boss, you money send now please Kathy,” you might figure out that it is not really an email from your boss. However, when the Russians team up with American teens who can speak the language, we have a severe problem.
In Florida, the massive Twitter attack a couple of years ago was conducted by a teen. The scam involved stealing accounts of celebrities like Bill Gates and Barack Obama and launching fake fundraising links to their followers.
Graham Ivan Clark was the hacker in question, and he cashed in briefly but is now behind bars. The same goes for the cyberattack that shut down some Miami schools for several days in 2020. That was launched by a then-16-year-old student at South Miami High School.
This is a disturbing trend, and it is not just a few teens here and there. We are seeing a network of hackers around the country called THE-COM (short for community) and, in this case, a smaller group of hackers called StarFrauds engaging in this hacking. For us 80s kids out there, I have visions of the movie WarGames in my head when thinking about them. Info is scarce about these groups as they are attempting to keep a low profile.
Maybe they were behind one of our F-35 fighter jets flying off into the wild blue yonder this month? It is certainly possible it was hacked, and most experts think China is the likely suspect.
However, let’s not forget about teenage hackers right here in the States when digital trouble is afoot.
As Americans, we have a lot to be concerned with in these instances. As far as action items go, for starters, do not give away your password over the phone or online to anyone. For that matter, do not take online quizzes either, as these can also be hacking tools, and do not click links in emails and texts you are not expecting. The cyber war rages, and the latest casualty this week was Sony.
It has reached the point where all things digital must be verified.
In the eternal and immortal words of Fox Mulder: “Trust no one.”
Blake Dowling is CEO of Aegis Business Technologies in Tallahassee.