Successful hacking campaigns used to be all about keeping under the radar. But, for some, making a big splash is now now more important than lurking in the shadows.
Cyber security Hackers- Stealth and secrecy use to be the hallmarks of cyber espionage and cyberwarfare, with spies and hackers sneaking in and out of target networks without leaving a trace or evidence that could be linked back to them.
But increasingly, cyber attacks are now carried out in fully public view, and many attackers don’t appear to worry so much about keeping under the radar. Some even seem to go out of their way to make sure they are spotted.
One example of the way cyberattacks have gone public: the WannaCry ransomware caused chaos and made headlines around the world, with many businesses locked out of their PCs by hackers who demanded a bitcoin ransom in exchange for restoring access to data.
But even if victims opted to give into the attack and pay the ransom — which some did — there was never any means of the attackers fulfilling their end of the deal.
WannaCry was attributed to North Korea, with Pyongyang having taken advantage of EternalBlue, a leaked NSA hacking tool, to help power the spread of the attack. It’s still not clear whether it was a bungled attempt to make money or simply a show of force by the North Korean regime.
Just weeks later, organisations around the world were hit by what first appeared to be another ransomware attack dubbed NotPetya. But in this case it soon became apparent that acquiring cryptocurrency was never the goal: there wasn’t even a means to pay. NotPetya was a wiper, designed to destroy data on the machines it was targeting, not hold them to ransom.
The attack was seemingly designed to target Ukraine, but it spread across the world, causing billions of dollars in damage. In this instance, the US, UK and a number of other states eventually pointed to state-backed Russian hackers as the culprits.
North Korea denies involvement with WannaCry and Russia still rejects that it was behind NotPetya.
But Kremlin-backed hackers have also been accused of a number of other operations, most notably the cyber attacks and disinformation campaigns designed to influence the 2016 US presidential elections. Russian President Vladimir Putin has been ambiguous about Russia’s involvement in these attacks, largely denying it but also suggesting they could have been the work of ‘patriotic’ individuals within Russia.
“All these groups like APT28 or Lazarus, they’re putting less effort into hiding their operations. It’s probably because everyone knows these attacks will happen and they just want to get to specific data or have a specific influence,” says Maya Horowitz, director of threat intelligence and research at Check Point Software.
“In the past, they used to go under the radar, they used to have their own opsec so that no one would know that there’s any attack and nobody would talk about cyber and APTs. Now part of the process is just to create chaos — so if it’s revealed, maybe it’s even better, because it makes people scared.”
Rather than stealing data in secret, cyber attacks have now become a way for some states to show their technical prowess, especially if they are trying to compete with economically or militarily more powerful states.