Security researchers in ‘crisis’ face physical threats, “from intimidation to identity theft”

Cybersecurity researchers work hard to make the digital world safe. However, they sometimes run into physical security risks. If you have been in the cybersecurity field for a long time, you have probably heard reports of information security professionals being threatened, or experienced it firsthand.

“In the past few years, several researchers focused on cybercrime have received death threats,” said a security expert, who requested anonymity. Some of the researchers who received such threats decided to do something else to avoid attracting the attention of criminals. “Because my job is a security researcher, I didn’t want to bring in bad guys and put my loved ones at risk,” he explains.

On Twitter and at information security conferences, researchers often share their experiences and ways to protect themselves in these situations. According to them, neither the police nor the FBI are of much help. Matt Smith, owner of the YouTube channel Citadel Lock Tools and a key repair expert, said, “I’d like to tell people to report it to federal law enforcement or the local police, but in my experience it doesn’t help. It takes months for a criminal to be arrested in a single case, leaving the victim in isolation for quite some time.”

While some researchers view such threats as a badge of honor, most work to keep themselves and their families safe: minimizing their digital footprint, researching the background of everyone who contacts them through social media, using a mailbox instead of a home address, and refraining from posting anything online that could connect them to their family.

In recent years, the rise of ransomware attacks and the escalating geopolitical tensions between Russia, China, North Korea and NATO have tended to make the job of an information security expert, at least in part, risky. “I don’t know if the situation will get worse, but it’s definitely not,” said Ronnie Tokazowski, chief threat adviser at Cofense.


Ransomware Attack Group Threatens Security Researchers

Cybercriminal groups, on the other hand, are doing well. Ransomware attacks hit an all-time high, with average ransom payments exceeding 900,000 dollars (about 1.17 billion won). Moreover, since Russia invaded Ukraine and was sanctioned by the West, even the weak cooperation between the US and Russia to contain ransomware appears to have stopped. The Russian business magazine Kommersant recently reported that a case believed to involve a member of the ransomware group REvil “has reached a dead end.”

Allan Liska, an intelligence analyst at Recorded Future, said: “Several ransomware attack groups are living with impunity. Unless they leave Russia, there will be no punishment for their criminal activity. Under the protection of the Kremlin, the attackers will become more daring and brazen.”

As Liska puts it, ransomware groups have been “very vicious” toward security experts over the years thanks to this protection. “Personally, I have never been directly threatened,” Liska said. “But a ransomware group threatened a researcher’s child.”

Cybercriminals find a security expert’s home address and gather information about every family member. They post this information on underground forums and encourage others on those forums to target the researcher as well. “Cyber criminals are more inclined to collaborate and share information than they were a few years ago,” Liska said. “They have even created extortion sites to post information about victims and share their thoughts.”

In recent months, cybercriminals have become aggressive enough to affect the physical safety of researchers. A prime example is Conti, which targeted dozens of organizations in Costa Rica and forced President Rodrigo Chaves to declare a national emergency. It was unusual for hackers to announce that they were aiming to ‘overthrow the government’.

“The attack by Conti represents an ‘expansion of ransomware activity’,” said Lauren Zabierek, executive director of the cyber project at Harvard Kennedy School’s Belfer Center. “If other attackers find out that they can take an entire country hostage and extort a ransom without punishment, the damage will be even greater,” Zabierek said.

This also means that the line between ransomware groups and state-backed actors is becoming increasingly blurred. State-backed attacks, however, are more skillful and sophisticated. In one past case, a security professional traveling to a meeting was given a gift carrying a message to stop the investigation, and found traces of someone having rummaged through his room.

State-backed attackers seek out information security experts to target on channels such as LinkedIn, Twitter, Telegram, Keybase, Discord, and email. Sometimes they claim to need expert consulting or propose collaborating on vulnerability research.

In January 2021, Google’s Threat Analysis Group (TAG) reported that North Korean hackers were impersonating cybersecurity bloggers and had sent security researchers a Visual Studio project. TAG’s Adam Weidemann wrote on the Google blog: “The Visual Studio project contained an additional DLL that was executed via a Visual Studio build event. The DLL is custom malware that immediately initiates communication with a C2 domain controlled by the threat actor.” TAG also found that several researchers who visited links sent by the North Korean hackers were compromised.
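The technique described above works because MSBuild runs whatever commands a project’s build events contain, so simply building a project received from a stranger can execute a bundled DLL. A defender can enumerate those commands before building. The following script is an added illustration for this article, not TAG’s or Google’s tooling; it parses a `.vcxproj` file, lists every command the build would run, and flags ones that match a (constructed) watchlist. The sample project text and the file names in it are constructed for the example.

```python
"""Audit a Visual Studio project (.vcxproj) for build-event commands.

Added example (not from the article or Google TAG). Lists every command
MSBuild would execute from build events or <Exec> tasks and flags those
matching a constructed watchlist, so a reviewer can inspect a project
received from an unknown party before ever building it.
"""
import re
import xml.etree.ElementTree as ET

# Element names whose <Command> child MSBuild executes during a build.
BUILD_EVENT_TAGS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent", "CustomBuildStep"}

# Constructed watchlist of substrings worth a closer look in a build command.
SUSPICIOUS_PATTERNS = [
    r"rundll32", r"regsvr32", r"\.dll\b", r"powershell", r"cmd(\.exe)?\s+/c",
    r"mshta", r"wscript", r"cscript", r"certutil", r"bitsadmin",
]


def _local(tag):
    """Strip the MSBuild XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def extract_build_commands(vcxproj_text):
    """Return (source_element, command) pairs for every command the build would run."""
    root = ET.fromstring(vcxproj_text)
    found = []
    for elem in root.iter():
        if not isinstance(elem.tag, str):  # skip comments / processing instructions
            continue
        name = _local(elem.tag)
        if name in BUILD_EVENT_TAGS:
            for child in elem:
                if isinstance(child.tag, str) and _local(child.tag) == "Command":
                    if child.text and child.text.strip():
                        found.append((name, child.text.strip()))
        elif name == "Exec":  # <Exec Command="..."/> inside a custom <Target>
            cmd = elem.get("Command")
            if cmd and cmd.strip():
                found.append(("Exec", cmd.strip()))
    return found


def audit_project(vcxproj_text):
    """Return the build commands that match at least one watchlist pattern."""
    flagged = []
    for source, cmd in extract_build_commands(vcxproj_text):
        hits = [p for p in SUSPICIOUS_PATTERNS if re.search(p, cmd, re.IGNORECASE)]
        if hits:
            flagged.append({"source": source, "command": cmd, "matched": hits})
    return flagged


# Constructed sample project: one benign event, one that loads a DLL from the
# project directory, and one custom target that launches PowerShell.
SAMPLE_VCXPROJ = """<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>echo Building sample project</Command>
    </PreBuildEvent>
    <PostBuildEvent>
      <Command>rundll32.exe $(ProjectDir)sample_payload_placeholder.dll,Entry</Command>
    </PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="AfterBuild">
    <Exec Command="powershell -w hidden -c Get-Date" />
  </Target>
</Project>
"""

if __name__ == "__main__":
    for source, cmd in extract_build_commands(SAMPLE_VCXPROJ):
        print(f"[{source}] {cmd}")
    for hit in audit_project(SAMPLE_VCXPROJ):
        print(f"FLAGGED {hit['source']}: {hit['command']}  (matched {hit['matched']})")
```

Run it against a real project by replacing `SAMPLE_VCXPROJ` with the file contents; anything printed as FLAGGED deserves manual inspection, and per the advice quoted below the inspection itself belongs on an isolated machine.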

“If you are concerned about being targeted, it’s a good idea to use separate physical or virtual machines to compartmentalize your research activities: regular web browsing, interacting with others in the research community, accepting third-party files, and doing your own security research,” Weidemann advised.

That was not the end of it. In November 2021, Google reported that North Korean hackers had installed a backdoor Trojan horse on a researcher’s computer. It also found that they had posed as Samsung hiring managers and sent researchers a PDF detailing a job opportunity.


Source: ITWorld Korea by www.itworld.co.kr.