
Wednesday 5 November 2014

Researchers Identified Sophisticated Chinese Cyber Espionage Team


Collaboration between various security firms has thwarted one of the biggest and most sophisticated cyber espionage crews, called Axiom, which is thought to be linked to China. The Axiom Threat Actor Group mostly targeted NGOs and pro-democracy groups, along with other individuals who are perceived as potential threats to China.

The Axiom Group

The group mostly targets pro-democratic NGOs in Asia and also conducts industrial espionage against organizations with influential energy and environmental policies. Also on the list are IT giants, chip makers, telecom companies and infrastructure providers.

The group mostly used phishing attacks and malware to get the job done. The typical attack once again looks like a state-sponsored one. Their prime tool is Hikit, which is linked to an attack referred to as the Deputy-dog attack, which famously used an IE zero-day bug to attack mostly Asian firms.

The group seems to work relatively quietly and is thought to be more heavily funded than, say, the APT1 crew (Shanghai-based and PLA-affiliated). According to Novetta, the group has been active for 6 years, is highly disciplined and is well-resourced. The suspicion that the Chinese government is involved is most certainly true.

The Collaboration and Solution

The attacks did not go unnoticed, however, and sooner rather than later security firms started collaborating to bring the group down. The coalition of partners is led by Novetta, along with Bit9, Cisco, F-Secure, ThreatTrack Security, iSIGHT Partners, Microsoft, FireEye, Tenable, ThreatConnect, Volexity and other unnamed partners. Via Microsoft’s coordinated malware removal campaign, the coalition took its first public action, called Operation SMN.

Axiom tool installations have been removed from over 43k machines. Among them, 180 were clear examples of Hikit, the last-stage persistence and data exfiltration tool that marks the peak of the Axiom victim’s lifecycle. This was perhaps the first effort of its kind by security firms to fight off potentially deadly state-sponsored threats to the whole world.

The Diplomacy 

China has clearly denied any involvement in Axiom. According to a Chinese Embassy spokesman, such events and allegations, judging from the past, are fictitious, and China has itself been on the wrong end of cyber espionage, according to revelations by Snowden.

With 2 weeks to go before President Barack Obama visits Beijing, cyber security will be a high-priority item on the agenda. Washington has previously tried hard to pressure China over possible state-sponsored cyber warfare against the US, but has failed to sustain that pressure after the Snowden revelations.

Novetta, however, hopes that the example set by the coalition will be followed in future to fight cyber terrorism. It would be very stupid, though, to think that Axiom is gone for good. The operation was more of a remediation than a knock-out blow, and chances are that Axiom will be back soon, though probably with different tools and strategies this time around.

The coalition has amassed lots of technical data regarding the threat and its workings, which will help in future fights against such groups.

Wednesday 3 September 2014

Tools Manipulating RAM to Mislead Cyber crime Investigators


ADD (attention deficit disorder) is a tool that changes the structure of Windows physical memory, thereby disturbing the memory functioning of the system and changing the pattern of memory consolidation within it. It makes fake files, fake network connections and bad server dumps, ultimately creating a false background in the memory track. This growing number of false server lists and fake network connections allows cyber manipulators to work without much threat and to do their job at a swift pace.

What do cyber crime analysts and investigators do?

There is always a memory dump in any computer system that has been running. Whatever occurs while the computer is running goes into the memory dump, where it can be identified and inspected at any point in time. The memory dump lets you understand the user's pattern of surfing along with their network and server connections. Every list of used objects is located in the memory dump; analysts capture this dump with their analysis tools and go through it to find any crime or misconduct, and thereby work to prevent cyber crimes in a particular location or network. Cybercrime analysts have a huge amount of work at present, with an increasing number of cyber frauds. An analyst looks for:

  • Proof of private sessions
  • Passwords history
  • Browsing networks
  • Malware and encrypted code that forms part of the memory but not the disk.

The new tool creating a hazard for cyber crime investigators

With the advent of the internet, there has been an increase in frauds and large network scams, with cyber means used for theft, fraud, cheating and other miscellaneous activities. ADD offers a facility that allows the user to dislocate themselves from the normal network browsing history and relocate to a different location, ultimately disrupting the RAM. With the change in memory location, it becomes utterly difficult for cyber analysts to find the exact IP address and browsing history.

A bigger problem is that the attacker may insert fake attack files into the network that allow another cyber crime group to attack other networking sites and create more malware that will affect the RAM and disrupt the whole memory dumping process.

The cyber crime network is getting stronger with every passing minute and is using artifacts that are very tough to validate and analyse. Even if the hacked system gets into the hands of an analyst, the ADD tool that created the hazard will send the analyst on a journey far from the actual event, adding to the confusion, and hacking the malware would not be possible.

The anti-cyber-crime and cyber-theft community is also trying to increase its resources and technologies so that it can build stronger cyber rules and stop cyber attackers from attacking the RAM and disturbing memory use.

Thursday 14 August 2014

1.2 Billion Passwords Snipped: Secure Your Online Account with a Strong Password


Technology takes on a new identity with each extensive improvement, and you can easily recognise the positive features that help you set up a new identity online. However, along with these advanced attributes, you may also be the victim of a negative impact such as hacking. Nowadays it is one of the biggest concerns you need to take care of when maintaining a profile online. Many users complain that they have been hacked and their passwords stolen, leading to the loss of confidential and important data.

The newspapers and online news channels have revealed the whole story, showing the dark side of technology. According to the authenticated information, a particular Russian group hacked about 1.2 billion passwords from nearly 500 accounts. As a result, all the users of those accounts faced serious problems recovering their data.

How to maintain the privacy of your account? 

From the above, it is essential to maintain suitable privacy that blocks hackers from stealing your password. You need to set a password that is really difficult to retrieve. Passwords made up of common characters or figures can be easily tracked by hackers, which may threaten your account.

Incorporate other security features, such as secret questions, that protect your account from unauthorized access. That way all your information remains safe and you will not have to worry about spamming activities. Furthermore, webmail providers and social sites are nowadays implementing multiple security features to safeguard their users from unruly activity. Follow the regular news and technical periodicals, which carry useful information on how you can add more safety measures to your account. Hence, you can prevent the data leaks that may bring a tragic episode into your life.

Cyber Security to safeguard the Online Users

Furthermore, the administration employs a specific cyber security feature that protects the privacy of users, so you can carry out online activities without any worry. The entire society is therefore convinced that it has attained the ultimate safety over the web, which leads to the flawless execution of operations. Browse the various online sites that carry further information on particular facets of cyber security. Get to know the software and other equipment that you can install to increase the safety of your account online.

Eliminate the Negative Technical Brunt

Once you are able to put up a complete barrier against hackers and other unauthorized persons entering your personal account, overall theft will decrease to a large extent. It is a significant measure, really useful for putting a strict blockade around your top-secret data. Employ feasible security measures and keep your account free from the spamming activities that destroy your useful information. Make sure that you are in safe hands, protecting your account from every type of unscrupulous activity. Finally, you will be able to set up a complete, well-organized online account that achieves the ultimate safety.

Friday 25 July 2014

The role of communication in effective cybersecurity

A recent study of 5,000 cybersecurity professionals has found that ineffective communication between security specialists and company executives is one of the biggest barriers to reducing the number of cyber attacks made on company computer systems.

Of the 5,000 respondents to the survey, 31 percent said that they had never sat down with an organisation’s top brass to talk about cybersecurity, while 23 percent said they met execs to discuss cybersecurity just once a year.

This is a cause for concern for cybersecurity professionals who share a common gripe about the general lack of understanding about the link between loss of data, and loss of revenue. This is hardly surprising given just how infrequently the two parties communicate.

To combat this lack of understanding and the scarcity of skills, which is particularly prevalent in the public sector, private FTP alternative providers such as Thru are being hired, via the G-Cloud, to increase awareness and improve the level of cybersecurity within government agencies.

The increase in agility

In an increasingly agile world where businesses want to be able to respond instantly to new opportunities or a change in customer demand, security can often come as an afterthought.

However, as attackers change their tactics, it is essential that cybersecurity professionals are in regular contact with company executives to increase their understanding of the new threats that arise as a result of new opportunities.

Executive teams should understand what threats the business faces, what the capabilities are within the company to defend against those threats, and whether a threat is industry specific or targeted at the business in particular. This approach makes it easier to identify weaknesses within the organisation and improve cybersecurity in the future.

Cybersecurity discontentment 

The research also revealed an underlying discontentment harboured by a good proportion of the survey’s respondents with the current security systems in place. In fact, some 29 percent of respondents said they’d like to overhaul their current security, while 13 percent said there would be no point changing anything about their current system as a determined attacker would be able to break through whatever systems were in place.

These statistics are quite telling and reveal just how underprepared many cybersecurity professionals feel in the face of increasingly sophisticated attacks.

New advice on passwords

To change the subject slightly, Microsoft has managed to increase the discontentment of a few security experts with its latest advice on passwords.

The recommendation, which flies in the face of the advice many cybersecurity professionals have been dishing out for the past decade or so, advises users to identify the importance of a particular application and assign a password of comparable strength. So, relatively weak passwords should be used to protect less important websites, while strong passwords should be used to access important applications, such as banking.

However, some experts have come to the defence of conventional wisdom, claiming this approach would be just as burdensome for consumers as choosing a strong password for every site.

In an article in TechNewsWorld, the senior director of a leading cybersecurity provider said: “Regular users have trouble distinguishing what ‘important’ and ‘non-important’ services are. Most people understand that banking is important – but the distinction is not always clear on other services.

“Password re-use is a significant threat, both to individual users and organisations. As users choose the same passwords for online and organisational services, the organisation’s exposure to attack grows.”

Does your cybersecurity team regularly communicate with the top brass? If not, do you think this approach would help to improve your security? And what do you make of this latest advice on passwords? We’d love to hear from you, so please leave your thoughts in the comments section below.

AUTHOR BIO

James Davies is a tech blogger and internet start-up owner based in Southend-On-Sea. When he’s not blogging for some of the UK’s most authoritative websites, James can be found paddle boarding and windsurfing. He’s not very good at either, but that’s by-the-by.