Why Russian hackers are beating us

Russian hackers like the ones who breached the computer systems of JP Morgan Chase and at least four other banks win because they think strategically like the best chess players, an expert says.

"Russians are more intelligent than Americans," Tom Kellermann, chief cyber-security officer for Trend Micro, said. "They're more intelligent because they think through every action they take to a point where it's incredibly strategic.


"They're operating at eight to 12 steps ahead on both the offensive and defensive side of the (chess) board."

The attacks that occurred this month resulted in the loss of gigabytes of customer data. One of the banks has linked the breach to state-sponsored hackers in Russia, Bloomberg reported Thursday.

The FBI is investigating whether the attacks are in retaliation for U.S.-imposed sanctions over Russia's involvement in the conflict between the Ukrainian government and Kremlin-supported separatists.

Trend Micro has studied Russian hackers for years. In 2012, the company released a research paper called "Russian Underground 101" that described in detail the tools and services available in online marketplaces.

Russian hackers operate within a grey area in which cybercrime is ignored as long as it occurs outside the country and the hackers are willing to conduct government-sponsored campaigns when asked, Kellermann said.

"The regime essentially sees the underground of hacking as a national resource, as long as the hackers in Russia abide by the rules," he said.

Attacks typically start with reconnaissance of the target to understand its network topology, followed by predicting which security tools and controls will have to be bypassed to infect systems and get data out.

"They're complete geniuses because of how they operate with their very chess-like perspective on IT and cybersecurity," Kellermann said.

The hackers develop automated attack platforms and exploit kits with some of the most advanced capabilities and are adept at finding and exploiting zero-day vulnerabilities in software.

Indeed, the hackers responsible for the latest breach exploited a zero-day flaw in at least one bank's website.

Tools are available for each attack stage, including the delivery of the exploit, the lateral movement of malware in the network, data mining and the exfiltration of data.

"It (Russia) is the most advanced marketplace for hacking services in the world and it maintains, what I would consider, the true Silicon Valley of the East," Kellermann said. "It has the greatest expertise when it comes to ethical hacking, penetration testing and black-hat hacking."

Russia has used hackers before to strike political targets. In 2007, the country was behind distributed denial of service (DDoS) attacks that took down Estonian government websites during a disagreement over the relocation of a Soviet-era grave marker and war graves.

In 2008, Russia orchestrated an attack that disrupted Internet communications in Georgia several weeks before invading the country.

Without cooperation from the Russian government, arresting hackers in the country is nearly impossible. Therefore, U.S. companies have to change their security paradigm from keeping hackers out to catching them once they are in the computer network.


The first step is to collect intelligence on the most likely attackers and then perform penetration testing on critical software most likely to be on the path hackers would take in the network, Kellermann said.

Secondly, spending should be less concentrated on antivirus software, firewalls and intrusion detection systems and shifted to technology that detects malware and its lateral movement within a network.

Stories by Antone Gonsalves