It has recently been revealed that a potential espionage threat actor has been targeting employees intending to intersect large corporate transactions and collect bulk emails. The suspicions arose when an uncategorized actor named UNC3524 started displaying unusual activity.
However, there is still no evidence linking UNC3524 with an existing cyber criminal group or individual. Based on the analysis of the threats that have already occurred under this alias, the group/hacker implemented techniques similar to those used by Russia-based hacking crews such as APT28 and APT29.
Details on the Recent Threat Actors
The recent report from Madiant stated that this group is equipped with a high level of operational security combined with a low malware footprint and exceptional evasive skills, which makes them efficient yet difficult to catch in the act.
In some cases, the attacks involved using a backdoor called QUIETEXIT, which allowed the threat actors to gain and maintain remote access for 18 months without being noticed or detected.
There is no doubt that UNC3524 has been persistent in its activities. Each time their access was removed from a victim environment, they would immediately deploy various techniques and tools to restart their data theft procedure.
It is difficult to shake off the attackers when they come back to execute their plan with a system like that. UNC3524 has maintained its presence thanks to installing a secondary implant to victim environments, which is essentially an alternative means of access in case QUIETEXIT becomes unfunctional for any reason.
The Real Threat to Businesses and Employees
If you’re not tech-savvy or well-versed in cybersecurity terminology, this information may seem confusing or unclear. When translated to simple language, the recent event means hackers are doing everything to infiltrate corporate networks to collect sensitive information such as email addresses and transaction data.
In most cases, they use employees and their private devices to access corporate networks because employees are often the weakest link. Human error is usually the cause of data breaches and security threats, so companies need to educate their employees on cybersecurity measures that they can implement on both personal and professional devices.
How to Prevent Cybersecurity Incidents
Although cybersecurity may seem complex and difficult to grasp, regular users can easily protect their devices by following simple security measures. Here are a few tips to help you prevent security incidents and data breaches like the one described above:
Use a VPN
One of the easiest yet most efficient ways to protect your data and devices is to set up a virtual private network. VPN service can help you change your virtual location by connecting your device to a distant server in another country, for example, the UK. At the same time, your traffic gets routed through an encrypted tunnel, which makes all your data invisible to hackers and third parties. A small monthly subscription for a VPN can help you protect your devices from security threats without much work required on your end.
Maintain Proper Password Hygiene
Naturally, maintaining proper password hygiene can help you prevent unwanted breaches and unauthorized access to your private or corporate accounts. The best way to clean up your passwords is to download a password management tool and have one master password to log into all of your accounts. You won’t have to bother memorizing dozens of different passwords and worrying about potential security threats.
Restrict and Control Access
When it comes to maintaining security on a company level, the best thing you can do is establish a system that restricts and controls access to sensitive data. Not every employee needs to have access to all levels of the corporate network. Having access to the areas and data related to one’s job position is enough to maintain productivity without sacrificing security.
Hence, make sure to restrict access to highly sensitive files, folders, and programs. That way, you will significantly reduce the chances of human error or an unknown threat actor leveraging employee devices to gain a back door to sensitive info. Remember, raising awareness and taking action are keys to proper cybersecurity management.