Kaspersky Lab has revealed that hackers are now hacking other attack groups, using their tools and stealing victim data, making it more difficult to gather accurate threat intelligence.
Sophisticated threat actors are actively hacking other attack groups in order to steal victim data, borrow tools and techniques and re-use each other’s infrastructure – making accurate threat intelligence ever harder for security researchers, according to Kaspersky Lab’s Global Research and Analysis Team (GReAT).
Accurate threat intelligence relies on identifying the patterns and tools that signpost a particular threat actor. Such knowledge allows researchers to better map different attackers’ goals, targets and behaviours, and to help organisations determine their level of risk. When threat actors start hacking each other and taking over tools, infrastructure and even victims, this model quickly starts to break down.
Kaspersky Lab believes that such attacks are likely to be implemented mainly by nation-state backed groups, targeting foreign or less competent actors. It is important that IT security researchers learn how to spot and interpret the signs of these attacks, so that they can present their intelligence in context.
In a detailed review of the opportunities for such attacks, GReAT researchers identified two main approaches: passive and active. Passive attacks involve intercepting other groups’ data in transit, for example as it moves between victims and command and control servers – and are almost impossible to detect. The active approach involves infiltrating another threat actor’s malicious infrastructure.
There is a greater risk of detection in the active approach, but it also offers more benefits as it allows the attacker to extract information on a regular basis, monitor its target and their victims, and potentially even insert its own implants or mount attacks in the name of its victim. The success of active attacks relies heavily on the target making mistakes in operational security.
GReAT has encountered a number of strange and unexpected artefacts while investigating specific threat actors that suggest such active attacks are already happening in-the-wild.
- Backdoors installed in another entity’s command-and-control (C&C) infrastructure
Installing a backdoor in a hacked network allows attackers to establish persistence inside the operations of another group. Kaspersky Lab researchers have found what appear to be two in-the-wild examples of such backdoors.
One of these was found in 2013, while analysing a server used by NetTraveler, a Chinese-language campaign targeting activists and organisations in Asia. The second one was found in 2014, while investigating a hacked website used by Crouching Yeti (also known as Energetic Bear), a Russian-language threat actor targeting the industrial sector since 2010. The researchers noticed that, for a brief period of time, the panel managing the C&C network was modified with a tag that pointed to a remote IP in China (likely a false flag). The researchers believe this was also a backdoor belonging to another group, although there are no indicators as to who this might be.
- Sharing hacked websites
In 2016, Kaspersky Lab researchers found that a website compromised by the Korean-language DarkHotel also hosted exploit scripts for another targeted attacker, which the team called ScarCruft, a group targeting mainly Russian, Chinese and South Korean organisations. The DarkHotel operation dates from April 2016, while the ScarCruft attacks were implemented a month later, suggesting that ScarCruft may have observed the DarkHotel attacks before launching its own.
Infiltrating a group with an established stake in a certain region or industry sector enables an attacker to reduce costs and improve targeting, benefiting from the specialist expertise of its victim.
Some threat actors share rather than steal victims. This is a risky approach if one of the groups is less advanced and gets caught, as the inevitable forensic analysis that follows will also reveal the other intruders. In November 2014, Kaspersky Lab reported that a server belonging to a research institution in the Middle East, known as the Magnet of Threats, simultaneously hosted implants for the highly sophisticated threat actors Regin and Equation Group (English-language), Turla and ItaDuke (Russian-language), as well as Animal Farm (French-language) and Careto (Spanish). In fact, this server was the starting point for the discovery of the Equation Group.
“Attribution is hard at the best of times as clues are rare and easily manipulated, and now we also have to factor in the impact of threat actors hacking each other. As more groups leverage each other’s toolkits, victims and infrastructure, insert their own implants or adopt the identity of their victim to mount further attacks, where will that leave threat hunters trying to build a clear, accurate picture? Our examples hint that some of this is already happening in-the-wild and threat intelligence researchers will need to pause and adapt their thinking when it comes to analysing the work of advanced threat actors,” said Juan Andres Guerrero-Saade, Principal Security Researcher, Global Research and Analysis Team, Kaspersky Lab.
In order to keep pace with the rapidly evolving threat landscape, Kaspersky Lab advises enterprises to implement a full-scale security platform combined with cutting-edge threat intelligence. Kaspersky Lab’s enterprise security portfolio provides businesses with threat prevention through its next-generation endpoint security suite, detection based on the Kaspersky Anti Targeted Attack platform, and prediction and incident response through its threat intelligence services.
Further details on ways in which threat actors acquire and reuse elements of other groups, including tool repurposing and malware clustering, and their ramifications for threat intelligence can be found in the paper, Walking in your enemy’s shadow: when fourth-party collection becomes attribution hell.
Naspers feeds into Latin America’s tech funding
Movile will get $400m funding from the SA-based technology investment giant for iFood expansion.
Movile is to receive US$500-million in funding for iFood in the largest tech funding in Latin America to date. Naspers and Innova Capital have committed to invest $400m of new capital into Movile to use for further investment in iFood, the leading online food delivery platform in Latin America, of which Movile is a majority shareholder.
Movile and Just Eat have already invested $100m in iFood during 2018. iFood’s extraordinary growth and the vast market opportunity in Brazil and more broadly in Latin America has driven the increased investment commitment.
iFood’s monthly orders in Brazil have fed more than 9 million customers in the past twelve months, 16 times the nearest online competitor, in terms of daily active users. This means its partner restaurants are serving the biggest population of consumers ordering food in Latin America. iFood has 50 000 restaurant partners and uses 120 000 couriers.
The increased investment commitment from Naspers, Innova and Movile is expected to accelerate growth, speed up product development and innovation, and fuel geographical expansion for iFood across the region. The company’s vision is to gain deeper knowledge of consumers through artificial intelligence technology, to personalise the food delivery experience – and at a reduced price, because of improved logistics.
“Movile is very fortunate to have long-term investors who have supported us for the past decade to help achieve our goal of transforming the lives of more than one billion people and thus we are able to continually back iFood to ensure it remains the market leader,” said Fabricio Bloisi, Movile CEO.
“Our entire ecosystem of companies is focused on allocating resources and energy towards our one billion people goal. iFood is leading the way, fueling unprecedented growth through its innovative technology platform, providing consumers, couriers and restaurants with the best experience in food ordering and delivery.”
Larry Illg, CEO of Naspers Ventures, said: “iFood has established itself as a technology leader in Latin America and its success stacks up with some of the most innovative food companies that are leading regions in North America, Europe and Asia. We have been impressed by their execution in Brazil and remain committed to backing the company on its path to transform the entire food chain to better serve consumers.”
Online food delivery is experiencing massive expansion globally. According to latest reported results, Grubhub grew daily average orders 39% year-on-year, reaching over 416 000 orders per day. In Latin America, iFood has reached 390 000 orders per day just in Brazil in the last week of October, compared with 183 000 in October 2017, representing 109% growth.
iFood CEO Carlos Moyses said: “We want our consumers to have an amazing delivery experience from the moment they order their food to the moment it arrives. Our partners – the restaurants and delivery fleet – make that happen by living our purpose of improving people’s lives using our services.
“iFood exists for our customers and, with an increased investment commitment of this size, we will be able to build out our state of the art technology platform, and increase our courier and restaurant partners to even better serve our current and future customers in Latin America.”
Hide your sheep, Spyro is reigniting
Spyro, the iconic purple dragon that entertained living rooms worldwide in the late ‘90s, is making a return with the release of Spyro Reignited Trilogy.
Spyro Reignited Trilogy introduces players to a fully remastered game collection with a re-imagined cast of characters, animations, environments, new lighting and recreated cinematics, all in HD. Now fans can explore more than 100 lush environments filled with new detail that brings the Dragon Realms and Avalar to life. The trilogy is available for PlayStation 4, PlayStation 4 Pro and the family of Xbox One devices from Microsoft, including the Xbox One X.
South African distributor Megarom provided the following information:
In Spyro Reignited Trilogy, lead developer Toys For Bob is giving fans an all scaled-up version of the original three Spyro games that started it all, Spyro the Dragon, Spyro 2: Ripto’s Rage! and Spyro: Year of the Dragon, but with a modern-day feel that makes it fresh and fun for today’s player. Adding to the fun, voice actor Tom Kenny is returning to the franchise as the voice of Spyro in all three remastered games. Longtime fans will be treated to Toys For Bob’s reimagined version of the classic soundtracks, in addition to an all-new title-screen theme from original soundtrack composer Stewart Copeland.
Additionally, the new game brings an in-game audio feature that allows players to switch between the original and the newly remastered soundtracks, for those who want a more classic gameplay experience. Players can simply fly into the “options menu” at any time during gameplay, unleash their preferred nostalgic or scaled-up groove, and glide right back into the Spyro action without losing saved data.
“It’s been a real pleasure to bring back one of the most iconic video game characters of all time through the Spyro Reignited Trilogy,” said Paul Yan, Co-Studio Head at Toys For Bob. “We’ve poured everything we’ve got into making sure every detail was done right to deliver a great Spyro experience for fans. We hope players will have as much fun revisiting the Spyro world and characters as we did remastering them.”
In the run-up to the official release of Spyro Reignited Trilogy, Activision Publishing, Inc., a wholly owned subsidiary of Activision Blizzard, created a first-of-its-kind, life-sized, fire-breathing and talking Spyro Dragon drone. The drone took off from “Stone Hill” castle near New York City, spreading its wings across the U.S. to explore the cities and iconic landscapes that resemble levels and themes from the original Spyro games. As part of the tour, the Spyro drone chased sheep, fired up some BBQ and delivered an early copy of Spyro Reignited Trilogy to fellow O.G. and entertainment icon Snoop Dogg. Highlights from the Spyro drone’s delivery to Snoop Dogg can be found here.
“Fans have been asking Activision to bring Spyro back for some time now. The response to Spyro Reignited Trilogy has been great thus far, and we’re absolutely thrilled that we’re able to continue to reimagine and reinvigorate some of the most iconic videogames and characters of all time with our remastered experiences,” said Steve Young, Chief Revenue Officer at Activision. “With this year being the 20th anniversary of Spyro, there’s no better time to pay homage to everyone’s favorite purple dragon.”
The Spyro community is invited to geek out and elevate their fandom even further through the elite global partnerships from the Activision Blizzard Consumer Products Group (ABCPG). Collaborations with Funko, Traly Pins, Exquisite Gaming, KidRobot, USAopoly, Trends International, Rubber Road, and Changes have created new avenues for fans to share their love for the return of Spyro, the original roast master. Spyro consumer products across apparel, collectibles, figurines and more are now available at retailers worldwide. Fans can also take advantage of the GameStop exclusive Spyro TOTAKU Collection.