This state-sponsored group may have a new name, but its previous exploits made headlines. Formerly known as the Lazarus Group, this North Korean government-based organization was behind a highly publicized breach at Sony Pictures in 2014. While the freshly named Hidden Cobra has focused largely on attacking South Korea, it has also been responsible for attacks around the globe – and there is evidence that more, larger DDoS threats are coming.
Hidden Cobra is known for using a variety of malicious tools to exploit victims, from wiper malware to DDoS botnets, Remote Access Tools (RATs) and keyloggers. Government agencies, businesses, organizations and even individuals running older, unsupported versions of Windows are most often targeted; the group has also discovered and used vulnerabilities in programs like Adobe Flash Player and Microsoft Silverlight to victimize their targets.
DeltaCharlie Causes Concern
The US-CERT alert that was released this week by DHS and the FBI deals mostly with a new botnet malware, DeltaCharlie. This malicious botnet is designed to launch crippling, massive DDoS attacks; the FBI named financial, infrastructure, aerospace and media targets as prospective victims both in the United States and around the world. DeltaCharlie uses Network Time Protocol (NTP), Domain Name Service (DNS) and Character Generation Protocol attacks to exploit victims.
While DeltaCharlie is causing the most immediate concern, Hidden Cobra has also been responsible for the Destover “wiper” malware, which erases victims’ data and was used on Sony Pictures, and the Hangman virus, which allowed hackers to seize remote control of victims’ computers.
Who is a Target of Hidden Cobra?
Any organization that uses data or has a computer network is at risk. In some cases, the software could already have infiltrated an organization; in the recent alert, the FBI identified 633 IP addresses that are in use by Hidden Cobra. Network admins can use these addresses to determine whether malicious activity is already happening on their own networks. In addition to this information, YARA network signatures and rules are included for further review.
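The watch-list check described above, sketched as an added example (not code from the alert or from this article). It assumes a hypothetical firewall log format with `SRC=` and `DST=` fields, and uses placeholder addresses from the RFC 5737 documentation ranges in place of the published indicators.

```python
import ipaddress
import re

# Constructed placeholder watchlist (RFC 5737 documentation ranges), not real indicators.
WATCHLIST_TEXT = """\
# one IP or CIDR per line
192.0.2.15
198.51.100.0/28
203.0.113.77
not-an-ip
"""

# Constructed sample log lines in a hypothetical "SRC=... DST=..." firewall format.
SAMPLE_LOG = """\
2017-06-14T10:01:02Z ALLOW SRC=10.0.4.21 DST=192.0.2.200 DPT=443
2017-06-14T10:01:09Z ALLOW SRC=10.0.4.37 DST=198.51.100.9 DPT=123
2017-06-14T10:02:30Z DENY SRC=203.0.113.77 DST=10.0.4.5 DPT=19
2017-06-14T10:03:11Z ALLOW SRC=10.0.4.21 DST=198.51.100.200 DPT=53
garbled line without addresses
"""

FIELD = re.compile(r"\b(SRC|DST)=(\S+)")

def load_watchlist(text):
    """Parse IPs/CIDRs, skipping comments; return (networks, rejected entries)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # surface typos instead of silently dropping them
    return nets, rejected

def scan(log_text, nets):
    """Return (line_no, direction, peer_host, watchlisted_ip) for every match."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        fields = dict(FIELD.findall(line))
        for key, direction, other in (("DST", "outbound", "SRC"), ("SRC", "inbound", "DST")):
            try:
                addr = ipaddress.ip_address(fields.get(key, ""))
            except ValueError:
                continue  # field missing or not an address
            if any(addr in net for net in nets):
                hits.append((no, direction, fields.get(other), str(addr)))
    return hits
```

Call `scan(SAMPLE_LOG, load_watchlist(WATCHLIST_TEXT)[0])` to get the matches. An "outbound" hit means an internal host contacted a listed address, which is the case that suggests an existing infection rather than a blocked probe.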
What to Do to Protect your Business or Organization from Hidden Cobra
Review the FBI notice and all provided data and add the identified IP addresses to your watch list to spot malicious activity in your organization. Any hacking tools found should be reported to FBI Cyberwatch (CyWatch) or the DHS National Cybersecurity Communications and Integration Center (NCCIC). The following steps can help prevent your business from becoming a victim:
Regularly Update your Systems: Your system is less likely to be vulnerable if your network and all software are up to date. When potential vulnerabilities are discovered, businesses like Microsoft issue patches to improve security. These patches can’t help you unless you use them.
Educate Employees: The more your team knows about the current risks and malware, the better; employees who know how to protect your network and who react correctly when they detect a problem can significantly reduce your risk. Providing your team with anti-phishing and security awareness training and helping them learn what to do in an emergency is essential if you want to keep your network safe.
Perform Regular Backups: Regularly backing up your system ensures you can quickly recover if you are targeted by Hidden Cobra or any organization wishing to do you harm.
What Can You Do?
Protect your Business from the Latest Threats
At Global Learning Systems, we stay on top of the latest trends when it comes to cybercrime and hacking – and take steps to ensure that everyone on your team knows how to spot the first signs of trouble. Whether you want to make sure your organization is safe from ransomware and phishing or need to know that your entire team knows what to do when you are under cyberattack, we can help. Contact us to learn about our easy and user-friendly security awareness training and how it can help you protect your business in an increasingly dangerous global marketplace.