From September to November, the Karakurt hacker group hit 40 companies, extorting them over sensitive data. Their method is unusual in that they do not deploy a malicious payload. They hide in the network for as long as it takes to get their hands on the most confidential information.
They have wasted no time, yet they are rather patient. Created in June and active since September, the hacker group called Black Wolf had already carried out at least 40 known attacks on organizations by the end of November. Karakurt is not a hacker group like any other. Its members target small and medium-sized businesses rather than large organizations. Likewise, they do not inject potentially destructive malware such as ransomware, but focus solely on data exfiltration.
Once they have the data, they demand a ransom in exchange for not releasing it publicly or to competitors. This method both avoids hampering the targets' commercial activity and avoids drawing attention to the attack. This technique goes by the name of living off the land (or “LotL”). This type of attack is now one of the most formidable threats. With it, cybercriminals can take all the time they need while remaining perfectly invisible.
They play for time
The key is to succeed in penetrating the network. For this, the preferred entry point remains identity theft. Then they manage to implant malware that masquerades as a trusted tool with high access privileges. There is no risk of being detected by a security solution, because there is no malicious payload. The objective is to progress quietly through the network, gradually acquiring additional privileges by collecting credentials to access the company's strategic databases.
According to Accenture, whose cybersecurity teams discovered this group, 95% of known victims so far are based in North America, while the remaining 5% are in Europe. The targeted sectors revolve around healthcare, industry, entertainment and retail.
The whole problem is being able to identify the presence of the hackers in the network, since they are quite simply invisible. For the moment, besides applying security updates, the only solution remains the use of multi-factor authentication systems to protect sensitive data.