The hacking group known as Fancy Bear or APT28, widely suspected to be Russian, has made headlines several times over the past year. It is the group suspected of breaching the Democratic National Committee during the 2016 United States presidential election, as well as of several other cyber attacks. Some have suspected, and some have outright accused, the group of having ties to Russian authorities, but no evidence has been produced that establishes this as fact. Regardless of those ties, yet another attack appears traceable to them: this time they have broken into the International Association of Athletics Federations (IAAF).
The attack targeted Therapeutic Use Exemption (TUE) applications, the forms an athlete must complete to use an otherwise banned medication for legitimate medical reasons. These applications contain personal information such as name, date of birth and address, along with some medical data. According to the IAAF press release, the intrusion was identified on February 21st, when a newly created file was discovered that contained data collected from one of the federation's file servers. The attackers had gained remote access to the systems and copied the information into this file, a pattern consistent with data being staged for exfiltration; no details have been released about how they got in. This is not the first time Fancy Bear has gone after TUE data: last year the group hacked the World Anti-Doping Agency (WADA) for the same material, stealing and publishing the details of 20 athletes.
How IAAF is Remedying the Attack
IAAF took swift action to address the attack, which is the kind of rapid and appropriate breach handling that lets an organization recover from an incident. It contacted everyone who had applied for a TUE since 2012 and set up an email address for any questions those athletes might have. The IAAF also worked with several outside agencies to make sure that all malicious access had been removed from its systems.
As more attacks are attributed to Fancy Bear, concern grows about their precise goals. Some of their attacks have appeared to serve nation-state interests, while the purpose of others is less clear. Because the campaigns seem to serve different ends, the group's overall motive remains an open question: are they simply attacking many organizations opportunistically, or are they following a set plan? As more security researchers analyze the various attacks, further information may come to light.
Implementing Cyber Security Monitoring to Protect an Organization
There are many cyber security tools and methods that can help an organization fortify its defenses, and one of the most beneficial is cyber security monitoring. Networks and systems generate a multitude of indicators, anomalies and patterns, and these need to be watched continuously, because any of them may turn out to be an Indicator of Compromise (IoC). Monitoring gives an organization ongoing awareness of its network and systems and raises alerts on suspicious patterns or anomalies, which can then be investigated immediately and addressed if necessary. In the IAAF case the tell-tale indicator was a newly created file holding data gathered from a file server; a monitoring program that watches for exactly that kind of unusual file activity shortens the time an intruder goes unnoticed. Cyber security monitoring from Massive Alliance can add another level of awareness and defense to better protect organizations from threats.
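As an added illustration of what such monitoring looks like in practice (this is example code written for this page, not code from the original article, from Massive Alliance or from the IAAF investigation), the script below scans a constructed file-server audit log for the pattern described above: a remote session that reads many sensitive files and then creates one new file large enough to hold what it read, i.e. data staged for exfiltration. The log format, field names, the `/tue/` path, the user names and the thresholds are all assumptions made for the illustration; a real deployment would feed it the audit events of its own file servers and calibrate the thresholds against its own baseline.

```python
"""Added example, not code from the original article or from any vendor:
a small monitoring rule that scans a constructed file-server audit log for
a remote session that reads many sensitive files and then creates one new
file large enough to hold what it read (data staged for exfiltration).

The log format, field names, paths, users and thresholds below are
assumptions made for this illustration, not those of the IAAF systems or
of any product.
"""

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Tuning knobs (assumed values; calibrate against the real baseline).
SENSITIVE_PREFIX = "/tue/"   # assumed location of the TUE application files
MIN_SENSITIVE_READS = 5      # more distinct sensitive files than a normal session reads
STAGING_RATIO = 0.5          # a new file at least this fraction of the bytes read looks like an archive
WORK_HOURS = range(7, 19)    # logons outside this window are flagged as off-hours

# Constructed sample log, one event per line:
# "<timestamp> <session> <user> <event> <path> <bytes>"
SAMPLE_LOG = """\
2017-02-21T01:02:11Z s1 svc_backup remote_logon - 0
2017-02-21T01:02:30Z s1 svc_backup file_read /tue/2015/app-0412.pdf 500000
2017-02-21T01:02:41Z s1 svc_backup file_read /tue/2015/app-0413.pdf 500000
2017-02-21T01:02:52Z s1 svc_backup file_read /tue/2016/app-0911.pdf 500000
2017-02-21T01:03:03Z s1 svc_backup file_read /tue/2016/app-0912.pdf 500000
2017-02-21T01:03:15Z s1 svc_backup file_read /tue/2017/app-0101.pdf 500000
2017-02-21T01:03:27Z s1 svc_backup file_read /tue/2017/app-0102.pdf 500000
2017-02-21T01:09:44Z s1 svc_backup file_create /tmp/.cache/out.bin 2400000
2017-02-21T09:15:00Z s2 jdoe remote_logon - 0
2017-02-21T09:15:30Z s2 jdoe file_read /tue/2017/app-0990.pdf 480000
2017-02-21T09:16:00Z s2 jdoe file_create /home/jdoe/notes.txt 2048
2017-02-21T14:00:00Z s3 mreview remote_logon - 0
2017-02-21T14:00:10Z s3 mreview file_read /tue/2017/app-0200.pdf 500000
2017-02-21T14:00:20Z s3 mreview file_read /tue/2017/app-0201.pdf 500000
2017-02-21T14:00:30Z s3 mreview file_read /tue/2017/app-0202.pdf 500000
2017-02-21T14:00:40Z s3 mreview file_read /tue/2017/app-0203.pdf 500000
2017-02-21T14:00:50Z s3 mreview file_read /tue/2017/app-0204.pdf 500000
2017-02-21T14:01:00Z s3 mreview file_read /tue/2017/app-0205.pdf 500000
2017-02-21T14:30:00Z s3 mreview file_create /home/mreview/summary.txt 4096
"""


@dataclass
class SessionState:
    """What we remember about one remote session while scanning the log."""
    user: str
    logon_hour: Optional[int] = None
    read_paths: set = field(default_factory=set)
    bytes_read: int = 0


def parse_event(line: str) -> Tuple[str, str, str, str, str, int]:
    """Split one space-separated audit line into its six fields."""
    ts, sid, user, event, path, size = line.split()
    return ts, sid, user, event, path, int(size)


def detect_staging(lines: List[str]) -> List[dict]:
    """Return one alert per file_create that looks like staged bulk data.

    A session trips the rule only when it has read at least
    MIN_SENSITIVE_READS distinct sensitive files AND the newly created
    file is at least STAGING_RATIO of the bytes it read; a reviewer who
    reads many files and writes a small note (session s3) does not alert.
    """
    sessions: Dict[str, SessionState] = {}
    alerts: List[dict] = []
    for line in lines:
        if not line.strip():
            continue
        ts, sid, user, event, path, size = parse_event(line)
        state = sessions.setdefault(sid, SessionState(user))
        if event == "remote_logon":
            state.logon_hour = int(ts[11:13])
        elif event == "file_read" and path.startswith(SENSITIVE_PREFIX):
            state.read_paths.add(path)
            state.bytes_read += size
        elif event == "file_create":
            bulk_read = len(state.read_paths) >= MIN_SENSITIVE_READS
            archive_sized = size >= STAGING_RATIO * state.bytes_read
            if bulk_read and archive_sized:
                alerts.append({
                    "time": ts,
                    "session": sid,
                    "user": state.user,
                    "staged_path": path,
                    "created_bytes": size,
                    "files_read": len(state.read_paths),
                    "bytes_read": state.bytes_read,
                    # enrichment for the analyst, not part of the trigger
                    "off_hours": state.logon_hour is not None
                    and state.logon_hour not in WORK_HOURS,
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_staging(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the constructed log, only session `s1` alerts: it read six TUE files at an off-hours time and then created a 2.4 MB file in a hidden temp directory. Session `s3` read just as many files but only wrote a 4 KB note, so the size ratio keeps it quiet, which is the kind of baseline-aware condition that separates useful monitoring from alert noise. The alert carries the staged path and byte counts so the responder knows immediately which file to pull and which records may have been copied.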