Saturday, July 13, 2024

Cyberattacks and Zombie Machines 


Amin Hasbini is Head of the META Research Center in Kaspersky's Global Research and Analysis Team (GReAT). Dr. Mohamad Amin Hasbini joined Kaspersky in 2013 as a Senior Security Researcher in GReAT and now heads its research center for the META region, where he is responsible for Kaspersky's expert positioning, research expansion and knowledge maturity across four regional offices. He holds a PhD in smart cities information security from Brunel University London. Prior to joining Kaspersky, Amin was a senior consultant at Deloitte & Touche Middle East, and before that a senior security engineer at DataConsult in Lebanon.

Dr. Hasbini worked on numerous large-scale defensive infrastructure deployments, industrial and consulting projects for government entities, banks, service providers, oil and gas companies, and others. He has also taught security courses in forensics, malware analysis and ethical hacking.

Amin specializes in wide-scale cyber-defense and anti-APT tools and techniques. He has written a number of publications on advanced malware operations and smart cities security, presented at more than 100 conferences worldwide and received numerous accolades.

Kaspersky, the multinational cybersecurity and anti-virus provider, released new data from its Kaspersky Security Network (KSN) during the recent GITEX Africa conference, held in Morocco, showing which countries in the world are most affected by online threats.

At the event, Amin Hasbini expanded on several cyber threat trends. He cautioned business and technology leaders about two primary forms of cyberattacks, criminal and advanced. Capital's Groum Abate caught up with him to talk about the threat of cyberattacks and the solutions to them. The following are excerpts from the candid interview:


Capital: What are the main differences between criminal attacks and advanced attacks?

Amin Hasbini: Criminal attacks: Typically carried out by individuals or small groups with limited resources and technical expertise. Their primary motive is immediate financial gain or personal vendettas. They usually operate with low to medium sophistication and sometimes cooperate on the web underground to achieve bigger objectives, e.g., targeting a large organization.

Advanced attacks: Carried out by well-funded and highly skilled individuals or organized groups. They employ sophisticated techniques and often have a specific target or objective, such as espionage, sabotage, or intellectual property theft.

Capital: How do attackers access vulnerable financial institutions and how do they abuse them?

Amin Hasbini: Attackers utilize a variety of methods to access and abuse financial institutions, such as:

  • Exploiting vulnerabilities in software or systems.
  • Directing phishing attacks to trick employees into revealing sensitive information.
  • Exploiting weak passwords or authentication.
  • Using social engineering techniques to gain unauthorized access.
  • Deploying malware or backdoors to gain control over systems.

Once inside, attackers can abuse financial institutions by stealing funds, manipulating transactions, conducting fraudulent activities, or compromising customer data.

Capital: What is cryptojacking?

Amin Hasbini: Cryptojacking refers to the unauthorized use of someone's computer or devices to mine cryptocurrencies. Attackers use malicious software or scripts to abuse the processing power of victims' devices, often without their knowledge or consent. The mining activities consume system resources and can impact performance and energy consumption.
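As an added illustration (not part of the interview, and not Kaspersky's code), the script below shows one practical way a defender turns the description above into a detection: miners have to talk to a mining pool, and that traffic is recognisable. It scans egress records for pool connections that use the Stratum protocol (stratum+tcp:// or stratum+ssl:// URLs, or JSON-RPC messages with "mining.*" methods) and for the "login" handshake whose "agent" field names a miner. The record format, the list of miner agent strings and the sample records are all constructed for this example; real pipelines would map their own proxy or NetFlow fields onto the same checks.

```python
"""Flag likely cryptojacking from egress traffic records (added example).

Hypothetical, constructed record format:
    <timestamp> src=<host> dst=<ip>:<port> url=<url-or-dash> data=<json-or-dash>
"""
import json
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Stratum pool URL schemes used by most CPU/GPU miners.
STRATUM_SCHEMES = ("stratum+tcp://", "stratum+ssl://")
# Agent substrings treated as miner software (assumption for this example).
MINER_AGENTS = ("xmrig", "cpuminer", "minerd")

RECORD_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+"
    r"url=(?P<url>\S+)\s+data=(?P<data>.*)$"
)


@dataclass
class Finding:
    ts: str
    src: str
    dst: str
    reason: str


def _stratum_reason(payload: str) -> Optional[str]:
    """Return why a JSON-RPC payload looks like pool traffic, or None."""
    try:
        msg = json.loads(payload)
    except (ValueError, TypeError):
        return None
    if not isinstance(msg, dict):
        return None
    method = str(msg.get("method", ""))
    if method.startswith("mining."):
        return f"stratum method {method}"
    if method == "login":
        # XMRig-style pools use a "login" call carrying the client agent string.
        params = msg.get("params")
        agent = str(params.get("agent", "")).lower() if isinstance(params, dict) else ""
        if any(m in agent for m in MINER_AGENTS):
            return f"miner login handshake (agent={agent!r})"
    return None


def detect_cryptojacking(records: Iterable[str]) -> List[Finding]:
    """Scan egress records; one Finding per record that matches an indicator."""
    findings: List[Finding] = []
    for line in records:
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # malformed record: skip rather than crash the pipeline
        url = m["url"]
        if url != "-" and url.lower().startswith(STRATUM_SCHEMES):
            findings.append(Finding(m["ts"], m["src"], m["dst"], f"stratum URL {url}"))
            continue
        data = m["data"]
        reason = _stratum_reason(data) if data != "-" else None
        if reason:
            findings.append(Finding(m["ts"], m["src"], m["dst"], reason))
    return findings


def flagged_hosts(records: Iterable[str]) -> Dict[str, int]:
    """Count indicator hits per source host, for triage ordering."""
    counts: Dict[str, int] = {}
    for f in detect_cryptojacking(records):
        counts[f.src] = counts.get(f.src, 0) + 1
    return counts


# Constructed sample records (not real telemetry); the last line is deliberately malformed.
SAMPLE_RECORDS = [
    '2024-07-13T09:00:01Z src=ws-017 dst=203.0.113.9:3333 url=stratum+tcp://203.0.113.9:3333 data=-',
    '2024-07-13T09:00:02Z src=ws-017 dst=203.0.113.9:3333 url=- data={"id":1,"method":"mining.subscribe","params":["cpuminer/2.5.1"]}',
    '2024-07-13T09:01:10Z src=srv-db2 dst=198.51.100.4:443 url=- data={"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"4ABCWALLET","pass":"x","agent":"XMRig/6.21.0"}}',
    '2024-07-13T09:02:45Z src=ws-042 dst=192.0.2.10:443 url=https://intranet.example.internal/api data={"id":7,"method":"getUser","params":{"id":42}}',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for f in detect_cryptojacking(SAMPLE_RECORDS):
        print(f"{f.ts} {f.src} -> {f.dst}: {f.reason}")
```

Note that the miner on srv-db2 talks to port 443 with no stratum URL at all; only the JSON-RPC handshake gives it away, which is why port- or URL-only blocking is not enough. Pool traffic over TLS to an unknown host would need TLS inspection or endpoint telemetry (sustained CPU use by an unexpected process) to catch.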

Capital: How do attackers launder money?

Amin Hasbini: Cyber attackers utilize different methods to launder money, such as:

  • Layering: Complex transactions are conducted to obscure the origin of illicit funds by moving them through multiple accounts or financial institutions in multiple countries or regions around the world.
  • Integration: The laundered funds are reintroduced into the financial system, appearing as legitimate assets or transactions.
  • Placement: Illicit funds are initially placed into the financial system, often via cash deposits or through other means to make it tough to trace the origin of the money.

Capital: You showed data for 2023 about Ethiopia, 18,000 exploits that allow access to 30,000 ransomware. What does this mean?

Amin Hasbini: Exploits abuse software vulnerabilities or weaknesses that are leveraged by attackers to gain unauthorized access, control systems, or execute malicious code. Ransomware is malicious software that encrypts victims' files or systems, demanding a ransom payment in exchange for the decryption key. Banker malware is a type of malware specifically designed to target financial institutions, steal login credentials, capture sensitive information, or manipulate transactions. The numbers are significant in Ethiopia and the country is becoming more attractive for cyber attackers. Specifically, in April and May 2023, traces from our underground monitoring pointed out that a hacker team called Mysterious Team Bangladesh (MTB) had targeted the online services of at least 10 Ethiopian governmental, energy and banking institutions with distributed denial of service attacks. These attacks can take down the online services of these entities, blocking users and clients from accessing them, sometimes for hours and up to days or weeks. Other underground traces pointing to Ethiopian organizations and users being targeted with different kinds of cyber threats, such as ransomware, personal data theft or data leaks, have also been seen.

Capital: Can you tell me how much Ethiopia has lost to cyberattacks from 2019 until now?

Amin Hasbini: Many cyber-attacks stay hidden or go unnoticed, so it is hard to estimate their cost. Some examples were mentioned above, yet every institution can estimate the cost of being cut off from service and/or having data stolen or leaked. The damage is not limited to financial losses, but extends to reputation and to impact on critical infrastructure or national security as well.

Capital: Where do the major attacks on Ethiopia originate, or from what group?

Amin Hasbini: Different and varied cyber attacks have been witnessed in Ethiopia, from traditional cybercriminal gangs and from advanced attacker groups such as CloudComputating, which has targeted Ethiopia multiple times in the past few years. Some of these attacks are sourced from the region and some are global.

Capital: What are Zombie machines and what are their effects?

Amin Hasbini: Zombie machines, also known as botnets, are compromised computers or devices that are under the control of an attacker. Their effects include:

  • Being used to launch large-scale distributed denial-of-service (DDoS) attacks against specific targets, overwhelming their servers and causing service disruption.
  • Sending out spam emails or spreading malware to other devices.
  • Participating in cryptojacking activities, contributing computing resources to mine cryptocurrencies without the owner’s consent.

Capital: African financial institutions are vulnerable to outside attacks. What is the solution, as these attacks will increase over time?

Amin Hasbini: The solution to enhance the security posture of African financial institutions against outside attacks includes:

  • Implementing strong cybersecurity measures, such as firewalls, intrusion detection systems, and encryption. At Kaspersky we offer multiple protections for businesses and organizations, small or big, like Kaspersky EDR Optimum or Kaspersky EDR Expert for instance.
  • Regularly patching and updating software and systems to address vulnerabilities.
  • Conducting comprehensive security audits and risk assessments.
  • Developing and enforcing robust security policies and procedures.
  • Providing cybersecurity awareness training to employees, like for instance the one we offer at Kaspersky.
  • Collaborating with industry peers and sharing threat intelligence to stay informed about emerging threats.
  • Engaging with cybersecurity experts or managed security service providers for specialized support.

Capital: Does Kaspersky help African institutions in fighting cybercrimes?

Amin Hasbini: Kaspersky's job has always been to protect its clients all over the world in fighting cybercrime, by providing security technologies and/or sharing information, providing training, awareness, etc. Hence, we provide security solutions addressing different types of issues and profiles: solutions for SMBs, enterprises and industries. We also provide threat intelligence resources which help our clients to understand and better protect themselves against the different cyberthreats that might target them, or the industry.

Regarding institutions, recently (Nov 2022) Kaspersky announced that the company had contributed to INTERPOL's Africa Cyber Surge Operation (ACSO) by sharing data comprising indicators of compromise (IoCs) on various cyberthreats and types of cybercriminal activity targeting African countries. This evidence provided the grounds for a series of operational and investigative activities against the threat actors behind the cybercrimes and their malicious infrastructure.

Capital: In your opinion, how do you see African financial institutions' ability to fight cybercrime in the next couple of years?

Amin Hasbini: Assessing the ability of African financial institutions to fight cybercrimes in the next few years is subject to various factors and challenges. However, with the increasing awareness of cybersecurity risks and the evolving threat landscape, it is expected that institutions will take steps to improve their defenses. Collaboration among stakeholders, investment in cybersecurity technologies and expertise, and adherence to best practices will play crucial roles in enhancing the resilience of African financial institutions against cybercrimes.
