'Morpho' Hacking Group Presents Major Corporate Security Threat
by Doug Bernard July 08, 2015
A previously unknown group of highly-trained hackers presents a major new digital security risk for corporations, according to a report released today by the web security firm Symantec.
The group, dubbed "Morpho", was tracked by Symantec researchers back to dozens of attacks against 49 separate organizations – almost exclusively corporations working in the financial, pharmaceutical, commodities and telecommunications fields, among others.
Firms based in the United States represented more than one-third of all Morpho attacks, with those based in Europe and Canada coming in second and third respectively. Fourteen other countries were also home to corporations targeted in Morpho attacks.
"The attackers focused on obtaining access to specific systems of interest in all of the compromised organizations," the researchers wrote in a white paper.
"In most organizations, these systems were email servers: either Microsoft Exchange or Lotus Domino servers. Once the attackers had this access, they presumably then eavesdropped on email conversations and may have been in a position to potentially insert fraudulent emails as well."
Report authors said there are "some indications that this group may be made up of native English speakers, are familiar with Western culture, and may operate from an Eastern Standard Time (EST) time zone."
The attackers are also believed to be small in number but highly capable, creating custom malware and using advanced exploits to infect corporate systems and steal data.
Corporate systems targeted
Unlike many recent high-profile attacks, which have involved governments as targets or as state sponsors, the Morpho attackers focused exclusively on corporate systems, even targeting security-minded mega-firms such as Apple and Microsoft.
Given such valuable intellectual property targets, the attacks may be primarily tailored for monetary gain: selling off one firm's data to a competitor, for example.
"A key difference between attacks coming from competitors and state-sponsored attackers is that competitors are likely in a better position to request the theft of specific information of value and make more rapid use of this information than government-sponsored attackers would," the report concludes.
Numerous Internet security analysts and professionals have previously told VOA that hacking attacks are, in fact, becoming more numerous globally. That's due to a variety of factors, including the relatively low expense and ease of launching persistent attacks.
"We're kind of living in what amounts to a digital wild west," said Patrick Eddington, a policy analyst at the libertarian-leaning Cato Institute. "This is something that folks are going to have to adapt to."