Since the 2016 U.S. Presidential Elections, cybersecurity experts and U.S. intelligence agencies have noticed an increase in hacking activity from Russia. The trend has continued with the 2020 Elections. Although agencies took precautions and strengthened security measures this time, it wasn't smooth sailing for them. With just a day left before the 2020 Elections, Russian hackers intensified their attacks on servers in the U.S.
Cybersecurity experts noted a 98-percent increase in activity, with hackers launching brute-force attacks. The activity was logged in the "honeypots" the experts set up to track the hackers. The honeypots were kept separate from the main servers but imitated functioning servers. Experts noticed that the honeypots had been attacked daily over the last two months and that the activity increased significantly in the last few days.
What Are Cyber Honeypots?
From a cybersecurity perspective, a honeypot is a computer system that mimics a real target but is actually a trap set to attract hackers. A honeypot logs all intrusions and unauthorized use so that security experts can gather information on the hackers. By using a honeypot, security experts can identify types of attacks and malware so that they can prevent such attacks from succeeding against a functioning server.
"Attacks targeted at SSH and Telnet honeypot designed to log brute force attacks. Attempts to break in skyrocketed, reaching a 98 percent uplift overnight. What is interesting is that half of all attacks came from a single network without efforts to disguise that it originated from Petersburg, Russia," Daniel Markuson, NordVPN's digital privacy expert, told TechRadar.
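The two figures quoted above (overnight uplift and the share of attempts from a single network) are the kind of summary a defender derives from honeypot login logs. The following is an added example, not code from the article or from any vendor: the log line format, the helper names and the sample data are all assumptions, and the sample is constructed from documentation address ranges so that it reproduces numbers of the same shape.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical log line format (an assumption, not a real honeypot's output).
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ (?:ssh|telnet) login_failed "
    r"src=(?P<src>\S+) user=\S+$")

def _line(day, svc, src):
    return f"{day}T03:00:00Z {svc} login_failed src={src} user=root"

# Constructed sample: 50 attempts on day one, 99 on day two, plus one bad line.
SAMPLE_LOG = "\n".join(
    [_line("2020-11-01", "ssh", f"192.0.2.{i}") for i in range(50)]
    + [_line("2020-11-02", "ssh", f"203.0.113.{i}") for i in range(50)]
    + [_line("2020-11-02", "telnet", f"192.0.2.{i}") for i in range(25)]
    + [_line("2020-11-02", "ssh", f"198.51.100.{i}") for i in range(24)]
    + ["truncated or malformed line"])

def parse_events(text):
    """Return (day, source address) for every well-formed failed login."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        try:
            events.append((m["day"], ipaddress.ip_address(m["src"])))
        except ValueError:
            continue  # source field is not an IP address
    return events

def daily_uplift(events):
    """Percent change in attempts between consecutive logged days."""
    per_day = Counter(day for day, _ in events)
    days = sorted(per_day)
    return {cur: round(100 * (per_day[cur] - per_day[prev]) / per_day[prev])
            for prev, cur in zip(days, days[1:])}

def top_network_share(events, day, prefix=24):
    """Busiest source network on a day and its share of that day's attempts."""
    nets = Counter(ipaddress.ip_network(f"{src}/{prefix}", strict=False)
                   for d, src in events if d == day)
    if not nets:
        return None, 0.0
    net, hits = nets.most_common(1)[0]
    return str(net), hits / sum(nets.values())
```

Grouping by a fixed /24 is a simplification; real attribution to "a single network" would normally group by the announcing autonomous system or registered allocation.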
New Malware Detected
The recent cyberattacks also prompted the U.S. Cyber Command to look into the tools Russian hackers had been using. In its investigation, the agency found that Russian attackers were using eight new malware samples, six of them ComRAT malware and the other two strains of Zebrocy malware.
By identifying the malware, the federal agency formally associated the two malware families with Russian hackers, whose aim was to disrupt the U.S. Presidential Elections. The Cyber Command, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) published two advisories regarding ComRAT and Zebrocy.
Until then, only private cybersecurity agencies had attributed the attacks to Russian hackers affiliated with their government, while government agencies had never made a formal announcement linking the attacks to the Russian government.
Hunting Down Hackers
With Russian hackers actively targeting U.S. companies and government networks, the Cyber Command began its own operations to hunt down the attackers. Launched in 2016, the agency sent teams to East European countries to identify groups behind the attacks.
Through its operations, the agency, which serves as the U.S. military's cyber defense and offense arm, took down a Russian troll network targeting the U.S. Elections on social media platforms. "Since 2018, we have expanded our hunt forward operations to all major adversaries," Cyber Command's Deputy Head, Lt. Gen. Charles Moore Jr., told the New York Times.
The agency worked with allied countries to hunt down the hackers by either infiltrating their networks or getting close to them. This way, Cyber Command could identify and neutralize attacks on the U.S. During the 2016 Presidential Elections, the agency was not involved in identifying threats, as it was still a novel approach to meddling in an election. But this time, they had a head start.
"We want to find the bad guys in red space, in their own operating environment. We want to take down the archer rather than dodge the arrows," Moore said.