False flags making it harder to find root of cybercrime
Hackers are using falsified information to throw security researchers off their trail
Fake timestamps, language strings and malware are increasingly being used by cybercriminals to shake security researchers and investigators off their scent, Kaspersky Lab has revealed.
Those who plant malware and other malicious files are increasingly using false flags to hide their identity, meaning it's almost impossible to identify the hacker groups.
Kaspersky Lab explained how timestamps can be easily changed by cyber criminals to avoid researchers uncovering which timezone they are working from, for example, while mixing language markers - such as language proficiency and mixed language metadata - can confuse those trying to find the criminal.
Another way to confuse researchers trying to pin down malicious actors' location is by purposefully failing internet connections, making it appear as though they are working from another territory.
By varying the types of target, hackers are able to remove a pattern to their attack, which again makes it much harder for anyone to work out a motive. The criminals who launched the Wild Neutron attack, for example, had such a varied victims list but no pattern could be established. Threat actors can also pretend to be other hacking groups to remove any certainty.
"The attribution of targeted attacks is complicated, unreliable and subjective and threat actors increasingly try to manipulate the indicators researchers rely on, further muddying the waters," Brian Bartholomew, senior security researcher at Kaspersky Lab, said.
"We believe that accurate attribution is often almost impossible. Moreover, threat intelligence has deep and measurable value far beyond the question who did it'. There is a global need to understand the top predators in the malware ecosystem and to provide robust and actionable intelligence to the organisations that want it that should be our focus," Bartholomew added.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.