Developing nations get in on cyber-espionage using commodity malware

News by Chandu Gopalakrishnan

The limited experience of developing nations in cyber-attacks forces them to leverage commodity malware to advance their agendas

Hacker communities are discussing the launch of campaigns using EMOTET, a malware commonly used by rookie state-sponsored threat groups, reports CYFIRMA. The development comes amid a noticeable rise in campaigns mounted by state-sponsored actors over the past quarter, the report said.

“In just under three months, nefarious nation-sponsored cyber-activity is on the uptick where threat actors are now using commodity malware on their targets. This method of attack is highly insidious and has the potential to cause irrevocable damage across many industries,” said Kumar Ritesh, chairman and CEO at CYFIRMA.

One key driver for this is the increased participation by developing nations in cyber-activities, as they see it as a way to gain advantage over competing nations. However, their limited experience in cyber-attacks forces them to leverage commodity malware to advance their agendas.

“In most of the cases earlier, we saw state-sponsored hackers creating advanced, targeted malwares to attack their targets. Now they are using readily available malware, repurposing it with little or no modification to the malware code, i.e. they are taking malwares off the shelf,” Ritesh told SC Media UK.

Emerging nations such as Brazil, Chile, Peru, Vietnam and Malaysia are taking the lead in this method. They are new to cyber-warfare compared to the US, China or Russia, and they do not have the deep expertise or resources to create advanced, target-specific malware.

“They are using malwares available in the black market or already released malwares to launch attacks. For instance, OceanLotus, a campaign launched by suspected Vietnamese groups, recently used EMOTET and URSNIF malwares, which have been in use for many years,” explained Ritesh.

Groups sponsored by cyber-developed nations such as China and Russia use commodity malware against less important targets, or to create anonymity or noise that serves as a distraction while they attack prime targets.

“Predominantly, nation-sponsored groups target competing industries in other nations or mount attacks for financial gains. Manufacturing, retail, food and beverages, transportation and technology solution companies are their usual targets, apart from government facilities,” Ritesh noted.

Industries have taken note of this situation. A survey of 485 IT security professionals at the RSA Conference 2020 by Venafi showed that 88 percent of respondents believed the world is in a permanent state of cyber-war, with 90 percent concerned that digital infrastructure will suffer the most damage as a result.

“Security professionals are under constant siege from very sophisticated threat actors targeting government, military and private organisations,” commented Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.

“Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks.”

The latest situation shows a trend of learning from developed, advanced hacking groups and replicating the same operating model, observed Ritesh.

“Why spend resources creating new malware when old ones can be repurposed for the job? Learn the tricks of the trade and eventually start creating targeted advance malwares and launch sophisticated attacks!” he added.
