Mercenary Hackers a Major Threat In the EU

hand types on LED keyboard

As it turns out, ransomware might not be the most significant security threat facing the world as we move into the New Year. Per Reuters, that dubious honor goes to ‘hackers-for-‘hire.’  Sort of. 

In the 9th Edition of the European Union Agency for Cybersecurity (ENISA) Threat Landscape Report, the agency acknowledged that ransomware is an incredibly prominent threat. However, it posited that the ransomware epidemic is merely a symptom of a far more concerning trend. Namely, something it terms ‘hackers for hire.’ 

It’s exactly what it sounds like. Hacking groups that are perfectly willing to sell their services to the highest bidder. As reported by Dark Reading, we already know of one such group that’s successfully struck over 3500 targets in just a year and a half

Named Void Balaur by Trend Micro after a legendary monster in European folklore, the group has reportedly been active since at least September 2015. Void Balaur’s targets are as varied as its tactics. It’s gone after politicians, human rights activists, doctors, scientists, engineers, and journalists. 

It has broken into email accounts to steal data, sold personal information on the dark web, and acquired sensitive communication records. It has collected credit reports, captured Interpol records, monitored travel tickets, and even downloaded traffic cam footage. The hacking group’s actions in Uzbekistan reportedly caused some of its victims to feel so threatened and unsafe that they went into exile. 

“We consider Void Balaur as a cyber mercenary that can be potentially hired by anyone,” Feike Hacquebord, a senior threat researcher at Trend Micro, told Dark Reading. A target could be a local shop in Moscow, a fashion designer in New York, a high-profile journalist, a medical doctor in Ukraine, a veterinary scientist in India, a medical scientist in Brazil, a military mercenary in South Africa, or a politician who saw no other option than go into exile abroad.”

One cannot help but find it darkly funny that Void Balaur, rather than being known solely for the attacks, is known in the criminal underworld for its excellent customer service. 

In hindsight, this is perhaps one more way criminal organizations are copying the businesses they so frequently target. We’ve already seen echoes of that with the cybercrime-as-a-service sector.

And now, we’re seeing hacking services groups that prioritize the needs of their clientele.

As for how your organization can defend against these mercenaries? That’s the bad news. Aside from general best practices, there’s not much anyone can do at this juncture. 

Void Balaur has shown remarkable persistence and dedication when it comes to its targets—meaning all it takes is for one employee at one vendor to be lax in their security. Suddenly the whole supply chain is compromised.

That isn’t to say you shouldn’t still protect yourself against zero-day attacks and make an effort to retain control over your assets. Nor should you stop holding vendors accountable for their actions. It’s simply to say that even if you believe your security to be ironclad, you should still ensure you have a crisis response plan in place, as well.