State-sponsored Hackers Gear Up for G20

Security experts have warned that this weekend’s G20 Summit in Brisbane could form the backdrop to widespread cyber intrusions, web defacements and even DDoS attacks.

A new Threat Assessment report from security firm CrowdStrike claimed that past events have proven to be a fertile hunting ground for state-sponsored hackers, who have used the G20 as a spear phishing lure to install Remote Access Tools (RATs) on victim machines.

They’ve also seen defacements of G20 web properties and even DDoS attacks against various parties by hacktivist collective Anonymous.

Last year in St Petersburg there were even rumors that Russian hosts had handed out free USB sticks infected with malware.

CrowdStrike said that although “Australia is well prepared in general terms” for cyber security at the summit, entities directly or indirectly interested in the event should prepare for spear phishing campaigns.

China is likely to be among the most active countries, it claimed, using social engineering to install RATs on victim PCs.

The report added:

“CrowdStrike and others have documented multiple instances of Chinese intrusion sets, including NUMBERED PANDA, TEMPER PANDA, and Ke3chang/VIXEN PANDA, using the G20 Summit as a lure in previous spear phishing efforts. These actors consistently make use of high-profile events and summits in their campaigns.”

Hacktivists may also use the event to protest about Australia's controversial surveillance laws and climate change policies, with the additional prospect of Anonymous Indonesia resurrecting a November 2013 campaign against Australia, it claimed.

The presence or otherwise of Russian president Vladimir Putin could also provide a potential flashpoint for cyber activity, given the ongoing international outrage at the downing of a Malaysian Airlines flight over east Ukraine.

CrowdStrike also warned delegates staying out of town to be doubly vigilant:

“Many of these attendees are thus expected to be lodged at a certain distance from downtown Brisbane’s venues and to be shuttled there daily. This could result in greater vulnerabilities in hotels, restaurants, coffee shops, and other places that may not have the same level of scrutiny or IT security standards as those at the main venue. Oftentimes, intelligence breaches begin by targeting an official’s assistants and aides rather than the principal himself (and lower-level employees or aides are likelier to be lodged in the less-impressive facilities).”

Last week it emerged that the Australian spy agency released a guide on how to stay safe during the event.

The Australian Signals Directorate advice included not using public Wi-Fi, webmail or gifted removable media for business purposes.