Was BadRabbit a distraction? Malware 'used to cover up smaller phishing attacks'
BadRabbit infected computers across Eastern Europe - who was the true target?
After WannaCry and NotPetya, the trend of global malware outbreaks with strange codenames continued last week with the emergence of BadRabbit – a strain of ransomware that infected computer networks across Eastern Europe, mainly in Russia and Ukraine.
But was the wider cyberattack a mere distraction, a red herring designed to throw people off the scent of the culprit's main objective? Some government experts think so.
Reuters reported Thursday (2 November), citing the chief of the Ukrainian state cyber-police, that at the same time as the BadRabbit incident – which instantly grabbed the global news headlines – hackers were also sending targeted, and stealthy, phishing emails.
Cybersecurity analysts who monitored the attack, including ESET, Symantec and Kaspersky Lab, concluded that Russia was the most affected country in the wave.
But Ukraine, the real target under this new hypothesis, was easily the second most attacked, with the computer networks of its metro and airport being disrupted.
"There is an open, let's say instantly obvious attack, while underneath there is a hidden, fairly well-thought-out attack, to which nobody pays attention," police chief Serhiy Demedyuk told attendees while speaking at the Reuters Cyber Security Summit in Kiev.
"During these attacks, we repeatedly detected more powerful, quiet attacks that were aimed at obtaining financial and confidential information."
He said the so-called "hybrid attack" – meaning a multi-pronged assault – was also found to be targeting users of a popular form of Russian accounting software called 1C.
"The main theory we're working on now is that they [the hackers in both attacks] were one and the same," Demedyuk added. "The goal was to get remote and undetected access."
At least 15 companies – which have not been named – were impacted by phishing, Reuters reported. The true number of victims, and targets, remains unclear at the time of writing.
If the targeting of accounting software seems familiar, that's because the previous NotPetya outbreak used the same method, spreading via a hacked software update from MeDoc. Researchers also believe that the culprits behind the two attacks are linked, if not the same.
According to Demedyuk, Ukrainian cyber police had stopped five other major attacks against banks and major infrastructure since June. In one case, Reuters said, investigators blocked the illicit transfer of 10 million hryvnia ($371,000) out of a financial company's accounts.
In the past, Ukraine has been viewed as a testing ground for major cyber-capabilities.
In December 2015, hackers hit the nation's electric grid, leaving approximately 225,000 people without power. At the time, Ukrainian officials have blamed Russia for the attack.