Report warns of cyberespionage threats for certain industries

For industries that deal with sensitive or confidential information online, a recent whitepaper has exposed a new threat to the safety of this data.

Symantec has been tracking the cyberespionage group Black Vine since 2012 and believes that it is responsible for a range of cyberattacks on multiple industries, including aerospace, energy and healthcare. The latter saw a particularly worrying attack in January this year, in which health insurance group Anthem reported a breach in its IT systems.

According to Anthem, the attack was sophisticated enough to gain unauthorised access to the data, exposing intimate details of both employees and patients, including social security numbers, contact details and street addresses. Thankfully, the organisation believes that no medical information was targeted or obtained and credit card numbers were not taken.

Symantec pinned the security breach on Black Vine as this group has displayed particularly sophisticated cyberespionage methods. The group stands out as it has custom-developed malware that is constantly updated to avoid detection. The three major variants were Mivast, Hurix and Sakurel, identifiable as Backdoor.Mivast and Trojan.Sakurel. On top of this, the group also has access to a variety of resources that allow it to conduct multiple attacks at once.

One of these is access to the Elderwood platform. Even though the project was established in 2012, it remains a threat, as it allows users to execute zero-day exploits, which rapidly expose and attack vulnerabilities in a system before the owner is aware they exist.

According to Symantec’s findings, 82 per cent of attacks by Black Vine are focussed on the United States, but the group has been known to target other countries. Little is known about who comprises this group or what the primary motivations are, but links have been found between Black Vine and a company in Beijing.

What can Australian organisations do? 

According to the Australian Information Industry Association (AIIA), in order to prevent attacks from spreading, any breach must be documented and reported to the appropriate body, such as CERT Australia or the Australian Cyber Security Centre. The AIIA believes that a more systematic approach should be taken through the establishment of models outlining compliance, intelligence sharing and enforceable penalties.

Industries must take responsibility to ensure they maintain best practice cybersecurity processes. Having an understanding of the requirements that must be met to protect customer data is also critical. For those looking for jobs in the healthcare sector, cybersecurity knowledge is an essential component, especially when you consider the dangers presented in the case of Anthem.