The extent of the activities undertaken by ‘Dark Basin’ has been revealed by The Financial Times. The nefarious actors have hit targeted thousands of individuals and organisations on six continents. This is based on research underaken by the Citizen Lab of the Munk School of Global Affairs & Public Policy, University of Toronto.
Many of the attack have focused on the legal profession, as the Law Gazette reports, with hacking focused on commercial espionage allegedly on behalf of clients seeking to disrupt their opponents who are involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy.
Looking to into the issue for Digital Journal, Ed Macnair, CEO of Censornet says that the issue raises a number of concerns, especially about the extent of hacking: “It is worrying, but unsurprising, that hacker-for-hire groups like these are so active and it is clear that they do not discriminate when it comes to their victims. These mercenaries are hired to wage war on organisations of all sizes, creating sophisticated and targeted spear-phishing campaigns with potentially devastating consequences.”
In terms of the scale of the problem, Macnair explains: “Given that researchers discovered almost 28,000 web pages designed to steal passwords, it is crucial that businesses understand the scale of the problem.”
While businesses can seek to educate their staff about the possible impact, Macnair notes: “Even with the highest levels of employee education, these campaigns are relentless and it is unrealistic to ask or expect employees to protect themselves from every single one.”
So what is to be done? Macnair says that: “Instead, It is the responsibility of organisations to protect their employees – which can be done in this case through the deployment of sophisticated email security, which should identify and block malicious emails and scan for malicious links, and comprehensive web security, which would identify and block the malicious sites employees are directed to. A combination of these tools is by far the most effective way to protect employees from organised campaigns like this one.”