Cambridge cybersecurity experts on how Liam Fox might fall prey to spear-phishing hack
The cybersecurity sector had its work cut out before the pandemic started, and demand is now such that one company, Cambridge-based Darktrace, this week revealed that its Cyber AI Analyst platform carries out around 1.4 million investigations a week.
The platform, launched last year, is described as “a game changer” by Laura Tibodeau, CIO at Americas Styrenics, who added: “It takes people from watching a monitor to really starting to work through the trade craft of threat investigation, and dramatically reduces the time it takes to triage threats.”
But while the sophistication of cybersecurity has increased, so have the threats, as UK politician Dr Liam Fox has found out.
The Tory MP’s personal email was hacked last year in a “spear-phishing” attack which the UK government has said was “almost certainly” carried out by Russian hackers seeking to interfere in the 2019 UK election. The documents pertained to UK-US trade talks, which included the NHS.
The hack raises two questions: one is why does it fall to Russian hackers to tell the UK population what UK citizens have the right to know?
The second is: how was the hack carried out?
The first question is one you should be asking your MP, but the “how” part has been addressed by Cambridge cybersecurity experts from Darktrace, Featurespace and PureID.
Marcus Fowler, director of strategic threat at Darktrace, says: “This is yet another wake-up call that politicians and anyone involved in politics or government are being targeted by very sophisticated adversaries. It looks like the attackers’ access to sensitive documents was also sustained over a period of months. It is possible that criminals conducted this operation with the intention of selling to the highest bidder. Nation-states collect information linked to their country or relationships, like disinformation or valuable intelligence, and can use it to not only cause friction within a country, but also to further fracture or undermine strategic partnerships and weaken alliances.
“We cannot put this down to user error, but instead must recognize that cyber defenses need to get a significant upgrade, if we are going to protect confidential business or government affairs. Artificial intelligence is no longer a nice-to-have but a critical ally in fighting those battles within digital networks.”
The hack on Dr Fox’s computer has been reported as a spear-phishing attack. So how complicated is that?
“Spear-phishing attacks are becoming very common these days as state actors are also finding it a very effective tactical weapon in cyber warfare,” says Ajit Hatti, founder of Royston-based PureID, which has developed a password-less way of accessing computers (on the basis that password-based defence measures are easy to hack into). “The term is relatively new but the methodology is not. In spear-phishing attacks highly motivated adversaries invest significant time and efforts and narrowly focus on thoughtfully chosen targets.
“Anti-virus systems are good to protect you from known threats coming over known channels, but spear-phishing attacks use vectors and methods not previously known to common protection systems. These attacks demonstrate sophistication in delivery of payload and diligent resonance of the target to assure higher success rate.”
Mr Hatti says the hack on Dr Fox’s computer is sophisticated because the motive did not appear to be financial.
“Common hackers will target mass majority for petty gains,” he told the Cambridge Independent.
Mark Taylor, a member of the SME banking team at award-winning cyberspecialist Featurespace, says spear-phishing is a more targeted form of phishing.
“Fraudsters continue to use these targeted attacks, as they have a higher success rate if they personalize the email message for each victim. Some of the earliest reports of spear phishing date back to 2010, but fraudsters have ‘phished’ victims since the early 90’s. Spear-phishing is a more targeted attack using the same compromised data, but fraudsters personalise the email to make it look more legitimate, often acting as a known company or individual to the victim.”
The key to spear-phishing’s success is that an incoming email will look as if it has been sent by a trusted person.
“Through background research, criminals will often spoof a friend or family member’s name to appear in the email header to lure the victim in to thinking they are dealing with a known associate. The spear-phishing email may contain attachments with malware or links to sites which will capture the sensitive information that the fraudster is after.”
Basic anti-virus software may not be enough, adds Mark.
“A good anti-virus is one step towards safeguarding yourself, but not the only protection that consumers must apply. Featurespace can work with anti-malware providers to ingest key data fields that would complement the ARIC Risk Hub’s ability to identify any fraudulent activity. In a typical spear-phishing case, ARIC Risk Hub protects the victim at the transactional stage, when the fraudster has attempted to log on to the victim’s online banking and attempted a payment.
“All of our products can be used to detect and prevent criminals using compromised credentials gained through spear-phishing to carry out fraudulent activity, such as preventing fraudsters from applying for loans in the victim’s name or preventing funds being paid away from the victim’s bank account.
“The ARIC Risk Hub is a true enterprise financial crime prevention software that can be applied to many services to safeguard consumers from fraud and financial crimes. ARIC allows organisations to holistically profile activity across their business to identify suspicious and high-risk behavior using machine learning and behavioral analytics.
“Spear-phishing is often the root cause of how a criminal obtains the victim’s personal information, but there are several ways in which they will use that data. ARIC detects many different types of fraud, such as account takeover, where fraudsters will use the information they have gained through spear-phishing to gain full access to the victim’s account and often make changes to the account information to bypass further security controls which may be required to authenticate payments.”
Cyber-security attacks are happening continuously and lay bare the claim that governments across the world are properly defended. But there is one other element worth mentioning: you. The fact is that the attacks are mostly activated when the user clicks on the bait, and perhaps even opens an external link which then transfers all their data to the hacker.
Hopefully someone will have mentioned that to Dr Fox.