A leading IT think tank has raised question marks over recent high-level assertions that Russia was behind cyber attacks designed to influence the outcome of the US election.
James Scott, senior fellow at the Washington-based Institute for Critical Infrastructure Technology (ICIT), argued that other malicious actors could easily mimic the tactics, techniques and procedures (TTPs) of a well-known nation state group such as the Kremlin-backed APT28 and APT29 teams.
They could consult vendor whitepapers to get a good picture of those TTPs, and then head to the dark web to obtain a malware variant or exploit kit commonly used by such a group.
He continued:
“Want to add another layer? Compromise a Chinese system, leap-frog onto a hacked Russian machine, and then run the attack from China to Russia to any country on the globe. Want to increase geopolitical tensions, distract the global news cycle, or cause a subtle, but exploitable shift in national positions? Hack a machine in North Korea and use it to hack the aforementioned machine in China, before compromising the Russian system and launching global attacks. This process is so common and simple that it’s virtually ‘Script Kiddie 101’ among malicious cyber upstarts.”
The report comes after CIA officials briefed senators that it was “quite clear” the Kremlin hacked Democratic Party officials’ emails and publicized them in order to get Donald Trump elected.
As a result, outgoing president Obama has ordered a full review into the allegations, set to report before Trump is sworn in.
Attribution can be more reliable if the target is well-protected, operates in a niche field and/or if the malware is unique. None of this is true in the case of the Democratic National Committee (DNC), which hampers any investigation, Scott argued.
The news comes as researchers revealed an uptick in cyberattacks targeted at Russian banks over the past few years.
These highly sophisticated attacks require long-term planning and persistence inside target networks, with the aim of hijacking business processes to steal tens of millions of dollars at a time, according to Eset.
In that respect, they presaged the attacks on Bangladesh Bank and others this year.