Security firms now believe that some of the cyber attacks conducted against companies in the United States are the work of hackers backed by the Chinese government.
One common form of attack is deploying ransomware into the companies' networks. The malware encrypts sensitive and important files on the computers, making them useless, and recovery is costly because the hackers demand payment.
Four security firms said that there is an increase in sophisticated attacks besides ransomware. They believe that some of the attacks could be state-sponsored because of the level of complexity in the methods.
The sophisticated methods involve how the hackers penetrate the networks and how they manage to move between computers undetected. Their malware is also believed to be highly advanced for basic ransomware attacks.
Phil Burdette, the head of one incident response team at Dell SecureWorks, said that their team had to respond to three hacking cases in several months. The cases involved hackers who penetrated networks and injected ransomware into over 100 computers at each US-based company, according to Reuters UK.
“It is obviously a group of skilled operators that have some amount of experience conducting intrusions.”
The investigations covered an attack against one technology firm that had more than a third of its computers compromised by the hackers. There was also one attack against an unnamed transportation company.
Last year, it was also believed that Chinese government-backed hackers were behind the attacks on Anthem Blue Cross and United Airlines. Flight manifests were stolen, which led investigators to believe that it could be a state-sponsored attack.
One possible reason is that the hackers could have wanted to know if there were military officials on the plane and where they were flying to. The information could be used by the Chinese government to plan their next moves. However, there was no clear evidence pointing to the attacks coming from China.
G-C Partners, InGuardians and Attack Research have confirmed that they have been investigating three other ransomware attacks that have similar properties. They have been separately conducting the investigations since December.
Just like with the attacks last year, there were no digital crumbs that lead to a Chinese government attack. However, the security firms believe that the recent attacks were from an advanced hacker group that could originate from China.
The companies that were attacked by the hackers refused to be named. In addition, the security firms said that the more sophisticated ransomware attacks were not previously reported, which suggests that they may be the work of new hackers who want more than money.
However, the security firms also have theories that the hackers could now be working on their own without the support of the Chinese government. Last year, there was an agreement between the US and the Chinese government to oppose economic espionage. Several companies based in the US have reported that there was a reduction in the number of attacks conducted by Chinese hackers after the pledge was made.
Val Smith, the CEO of Attack Research, said that the hackers from China could be out of work since the agreement. To still maintain their revenue, the hackers could be staging ransomware attacks on the US companies.
Since there is little to no support from the Chinese government, the hackers could also be trying to get as much as they can before they completely back out of the attacks. Some of the attacks’ methods can be traced as far back as 2013.
Still, there could be other explanations besides state-sponsored attacks. It could be that local hackers have improved their methods as they progress with the advancement of technology.
The leak of information from the Hacking Team last year could have also given the hackers some ideas on how to improve their espionage and hacking tools. It was even exposed that the Hacking Team conducted transactions with foreign governments as well.
Ransomware attacks have continued to increase, especially after the introduction of Bitcoin in recent years. The cryptocurrency allows hackers to demand payment without having the authorities trace the money back to them.
Bitcoin has increased in value since its inception in the past half-decade. It is believed that criminals and hackers use the cryptocurrency to conduct illegal transactions on the dark web such as buying guns, drugs and even ordering a hit on someone.
Another factor could be the advancement in encryption techniques over the years. Since the encryption methods are now stronger than before, it makes it virtually impossible for the companies to crack the method to save their own files, which means that they usually resort to just paying the hackers with Bitcoins.
The security firms are now warning companies that hackers today are bolder since their ransomware attacks are often successful. The more companies pay the hackers, the more likely it is that they would target other companies as well.
Very recently, Microsoft (NASDAQ: MSFT) dropped its support for Bitcoin payments in its Windows Store. It could deal a small blow to hackers who use Bitcoins to transact, but most of them exchange the cryptocurrency for real money anyway.