A group of Russian cyber attackers dubbed ‘Turla’ have hacked another Iran-based group of cyber actors, known as ‘OilRig’ to spy on multiple countries, according to advisories by published today by the UK’s NCSC and the US’ NSA.
According to reports, attacks were discovered against more than 35 countries, many of which were located in the Middle East, with at least 20 successfully compromised.
The big takeaway from this is the need to understand that attackers continually adapt to remain undetected and therefore retain their ability to threaten. This should change thinking from the cyber-defence point of view – complacency must not be allowed to set in. We must think like attackers to remain effective against attackers that constantly evolve their techniques.
It’s complacent to assume that attackers will not try new methods to remain undetected and effective. Attackers constantly review and assess the way we protect ourselves, as well as how we respond to threats. By understanding how organisations perform post-breach remediation, they have attempted mis-direction to protect themselves whilst having the finger pointed at another nation state, which has added political implications. The situation reinforces the need to think like attackers. Our defensive techniques must continually evolve to ensure that essential security controls are in place and constantly tested.