When you hear of large-scale cyber-attacks, you probably conjure up images of nefarious computer geeks outmaneuvering state-of-the-art infosec systems and spiriting away mountains of precious data. Turns out, it’s more like taking candy from a baby.
The sheer speed and ease with which Russian hackers have been infiltrating global digital networks has become something of a running joke.
And the Bulgarian government has become the latest victim to discover this the hard way after suffering its biggest cyber heist in history.
Russian hackers have infiltrated Bulgaria’s revenue agency, the NRA, and stolen personal records of five million taxpayers in a spectacular phishing attack.
The heist was so extensive that it’s feared that 2 out of 3 of the country’s adult records have been compromised - the largest ever data breach for the Balkan nation.
The Bulgarian prime minister, Boyko Borissov, has called an emergency meeting to examine the extent of the damage and has also apologized to the country.
The leaked information includes names, personal data and the financial earnings of both individuals and companies.
Finance Minister Vladislav Goranov has revealed that said that the hackers infiltrated more than 110 of the agency’s databases (about three percent of its total count) though he has reassured citizens that no classified information or anything that can endanger financial stability was accessed.
The government plans to seek help from the EU cybersecurity agency to perform extensive audits of its most sensitive systems.
The motive of the attack is yet to be established though it’s suspected to be an act of retaliation after the Bulgarian government purchased several U.S. F16 fighter jets.
It could also be a bad case of casual sociopathy considering the attackers sent the Bulgarian government an email taunting "…the state of your cybersecurity is a joke."
Indeed, the finance minister has already rejected a possible link to the jet purchase pointing out that the attack happened before the deal was approved. Bulgarian media also received emails containing download links for the stolen data from the hackers via Russian mail provider, Yandex--yet another cynical jibe.
More of the same
Your guess is as good as ours that this will not be the last time Russian hackers infiltrate sensitive databases of governments, companies and businesses and steal valuable information.
After all, Russian hackers are rated the most proficient in the world. Ok, you are probably wondering how they rate hackers seeing that the felons would not exactly be willing to take speed tests to rank how fast they crack codes.
In the hand-wringing forensic study of a breach, the main focus is the first point of intrusion. How quickly an intruder can move from that beachhead to a full-on attack, aka the breakout speed, is considered a nice proxy of their skills.
And it turns out nobody beats the Russians.
In 2018, cybersecurity firm CrowdStrike analyzed 30,000 attempted breaches and found that Russian state-sponsored hackers have, by far and away, the fastest breakout speed—just 19 minutes from the initial intrusion to escalating their privileges within a network. That’s incredibly fast considering the average breakout speed is close to five hours.
Second-ranked are North Korean hackers who pull off the feat in about two hours longer than Russians while third-ranked Chinese hackers take about four hours.
There are a couple of reasons why Russian hackers are so good at their trade, including a superior IT and computer science education right from the junior level and a dearth of outlets like Silicon Valley where to channel those skills.
So, which countries are at the biggest risk?
Governments with a low level of commitment to cybersecurity, including many third-world nations, are at the highest risk of cyberespionage.
(Click to enlarge)
According to the Security Magazine, Algeria, Indonesia, Vietnam, Tanzania, and Uzbekistan are the least cyber secure countries in the world while Japan, France, Canada, Denmark, and the United States in that order are the least vulnerable to attacks.
Incidentally, the least cyber secure nations also experience the least telnet attacks (originating from within the country)--meaning that they are mostly the victims of foreign hackers.