Cyber researchers are becoming a top hacker target
By George Leopold
May 06, 2016
A quarterly assessment focused on distributed denial-of-service (DDoS) attacks around the world found that security researchers working to detect and blunt cyber attacks are themselves in the crosshairs. According to a threat report released this week by the threat analysis firm Nexusguard, "Researchers and their related groups are becoming high-valued targets for digital criminals." The company added, "We have seen this in the past, but never as a primary target for a whole quarter."
Along with being the top target of hackers, the report found that the No. 1 attack method launched against cyber researchers and corporate infrastructure was network time protocol (NTP), an exploit that targets the network protocol used for clock synchronization between computers linked by packet-switched data networks with varying levels of latency.
San Francisco-based Nexusguard, a DDoS mitigation firm, reported that some victims were attacked on a daily basis. The security analyst also found that most attacks lasted less than 10 minutes. "The decrease in duration could be related to the continued rise in popularity of DDoS-for-hire services, which have led to shorter attack times," the threat report noted.
The cyber security analyst also noted that geopolitical tensions fueled an increase in region-specific cyber attacks during the first quarter. The U.S. and China were identified as the top two targets of 49,000 combined attacks detected during the first three months of 2016. U.S. networks withstood more than 30,000 attacks during the period, mostly of the NTP variety, along with Domain Name System attacks, an exploit in which attackers take advantage of system vulnerabilities.
Two of the top three targets of cyber attacks during the first quarter were U.S. networks: Hurricane Electric, an Internet service provider in Silicon Valley, and Comcast Cable Communications. China Telecom's Chinanet Backbone network was the No. 2 target.
An 83 percent increase in cyber attacks in Middle Eastern countries reflected ongoing tensions in the region, especially the Syrian civil war and stepped-up attacks against the Islamic State. The U.S. offensive against ISIS in Iraq and Syria now includes offensive cyber weapons designed to disrupt its ability to recruit via social media and carry out functions like paying its fighters.
Meanwhile, the threat report noted that cyber attacks against Turkey have subsided since the fourth quarter of 2015. Those attacks are thought to have been in response to the Turkish military's downing of a Russian fighter. Following the shoot down, Turkish Telecom and the country's leading mobile phone carrier came under heavy cyber attack by Russian hackers, the threat report indicated without specifying the origin of most attacks.
The threat analysis concludes with a sobering warning, noting that the traditional cat-and-mouse game between hackers and security analysts is morphing into "one of seal [versus] the great white shark."
Increasingly sophisticated cyber attackers "are launching full-scale digital operations and absconding with terabytes of data that are affecting some of the world’s largest corporations. Some of these operations are government sponsored, where official agencies are utilizing hackers as clandestine guerrilla warfare groups."
As threat vectors shift, however, data scientists and cyber researchers appear likely to remain high-profile targets as cyber attacks grow in sophistication.
