FIN10 Hacking Group, Canada’s Arch Nemesis In The Field Of Cybersecurity
FIN10, a cybercriminal group, has been operating against Canada since 2013, focusing on cyber espionage and extraction of information from businesses and the public sector alike. The group's members have still not been identified, but Canadian cybersecurity experts believe a team from North Korea, Iran, China and Russia may be connected with the group, especially where funding is concerned.
Cyber espionage campaigns operating under the auspices of a state are not new. In many cases, a country's spy agency is responsible for spying on another country, organization or group. This happens as each state protects its national interest, which can be pushed as long as the necessary information is accessible. Private cybercriminals, while they may wish to have the sophistication brought by massive funding, cannot match the cyber espionage campaigns run by state-funded blackhat groups.
“The cyber espionage threat to Canada is moderate, but could be on the rise. We have observed 10 separate espionage groups from China, Russia and Iran targeting Canada in recent years,” explained Christopher Porter, Chief Intelligence Strategist for FireEye, a cybersecurity consulting firm.
According to FireEye, FIN10's active campaigns against Canada have been very visible since two years ago, February 2017. The group uses drive-by malicious executables that pretend to be innocent files but, when opened, create a remote opening into the victim's computer.
“At least a half-dozen organized-crime groups conduct financial crime operations targeting companies and people in Canada with a sophistication once seen only among nation-states,” emphasized Porter.
The only counteraction is prevention, which can only be done if the target companies, individuals and agencies prepare for a real cyber attack with a simulated cyber attack. A simulated cyber attack is done through penetration testing, which at first glance may look like an expensive undertaking, but it pays off by sparing the organization the aftermath of a cyber attack. The test simulates an attack by a malicious hacker outside the security perimeter of the organization.
There are several websites and tools to help ethical hackers maintain an up-to-date list of vulnerabilities and potential security holes in systems or networks. It is essential that system administrators stay up-to-date on the latest viruses, Trojans and other common attacks in order to adequately protect their systems and networks. In addition, by becoming familiar with the new threats, an administrator can learn to detect, prevent and recover from an attack.
Ethical hacking is usually carried out in a structured and organized way, typically as part of a penetration test or security audit. The depth and breadth of the systems and applications to be verified are set based on the needs and concerns of the client. In an ideal world, security professionals would like to have the highest level of security in all systems; however, sometimes this is not possible. Too many security barriers make it difficult for users to use systems and impede the functionality of the system.
The following steps are a framework for conducting a security audit in an organization and will help ensure that the test is conducted in an organized, efficient and ethical manner:
- Talk to the client, and discuss the needs to be considered during the test.
- Prepare and sign NDA documents with the client.
- Organize an ethical hacking team, and prepare a schedule for the test.
- Conduct the test.
- Analyze the results of the tests, and prepare a report.
- Present the results of the report to the client.