Ransomware, malware and other virus creators, as well as state-sponsored cybercriminals, have increasingly shown a high level of focus towards large companies and business, especially in the tech industry. Quite recently, these persistent threat groups have been getting highly selective about their targets instead of deploying large scale attacks. It appears software developers, coders, and other senior-level employees in the technology industry are now prime targets for hackers conducting cyber-attacks.
We recently reported how state-sponsored hacking groups deployed to conduct cyber espionage on large foreign companies are conducting cyber-attacks on the gaming industry. Their tactics involved penetrating the development end of the game creation process and then use illegitimately acquired licenses and certificates to conduct further attacks. Following the same methodology, these cybercriminals appear to be going after software developers and code writers. By gaining access to accounts, logins and other credentials that grant them privileged access, hackers can execute multiple attacks and conduct cyber espionage as well.
Glasswall ‘August 2019 Threat Intelligence Bulletin’ Reveals Software Developers Being Persistently Pursued:
The just-released August 2019 Threat Intelligence Bulletin by cybersecurity company Glasswall reveals the industries that remain in the crosshairs of cybercriminals. The report primarily focuses on phishing attacks and indicates that the technology industry continues to remain the most attacked segment. According to the report, about half of all the malicious phishing campaigns are targeted at the tech industry.
In most cases, cybercriminals targeting tech industry want the intellectual property and other business-sensitive data. The criminals either intend to hand over the data to their handlers or sell it for a profit on the Dark Web. There have been instances of large stacks of financially rewarding information that has been put for illegal auctions. State-sponsored persistent threat groups attempt to steal data that can help their countries build cheaper or knock-off versions of products that foreign companies have painstakingly developed through a lot of research and development.
It is concerning to note that software developers and other core members of the development team appear to be on the high-priority list of hackers. Multiple phishing attacks that rely on social engineering are deployed to lure developers. Once their identity and credentials are illegally acquired, cybercriminals then attempt to penetrate the network and gain access to sensitive information.
How Are Software Developers And Coders Attacked In The Tech World?
Software developers in the tech industry are some of the most valuable assets. More importantly, they often have access to administrator privileges across various systems. Moreover, as they are involved in the core development of the software product, software developers need to move around the tech company’s internal cyberspace without being restricted. Needless to add, attackers who manage to gain access to login credentials of these developers too can move laterally around networks and gain access to their end goal, noted Lewis Henderson, VP at Glasswall,
“As an attacker, if you can land on an administrator machine, they have privileged access and that’s what the attackers are after. Software developers do have that privileged access to IP and that makes them interesting.”
It might seem odd that software engineers would fall prey to phishing attacks as they are at the heart of the tech world and could be assumed to be quite familiar at such attempts. However, that’s where cybercriminals are getting creative and specific. Instead of deploying a large-scale attack that could be stopped by antivirus software, these criminals send out carefully crafted emails and deploy other methods that have been painstakingly created to avoid suspicion. “The bad guys aren’t doing big global campaigns; they’re doing a lot of research. And when we look at an attack analysis in the process, a lot of the starting points are intelligence gathering,” observed Henderson.
Cybercriminals targeting software developers are increasingly visiting the profiles these individuals create on professional social networking sites like LinkedIn. Thereafter, these hackers pretend to be recruiters and send out specially-crafted messages to target one individual in the organization they want to gain access to. Attackers conduct background checks to determine the skillset of their targets. Simply put, the attackers routinely exploit the information about specific skills and interests of their would-be victim and create a highly customized phishing email and other communication, noted Henderson,
“It could be a PDF job offer, saying they know you’re in the industry and these are your skills because they’ve looked you up on LinkedIn. They’re trying to entice people through social engineering and phishing in a pretty deadly combination.”
The targeted victim just has to open the tainted PDF file loaded with malicious code. There have been several such successful infiltrations caused by opening such emails and files. Administrators are constantly trying to educate employees about the safety protocols of opening such suspicious files and submitting the same for analysis.