No one suspects the Butterfly: New hacker group is infiltrating the world's largest corporations

Canada is among the top three countries with multi-billion dollar corporations targeted by a new sophisticated hacker group. This time, the target isn't customers' identifying details and credit card information, but the confidential information and intellectual property of the companies themselves.

Butterfly (formerly known as Morpho, but renamed to avoid confusion with legitimate companies) has engaged in sophisticated corporate espionage and stolen secrets from 49 different companies in 20 different countries across a wide range of sectors.

These include major American technology companies and large pharmaceutical companies in Europe, along with others in the IT and commodities industries. The identities of the four Canadian companies that were attacked are known, but have not been released publicly.

The group first came to public attention in 2013 when Microsoft, Apple, Facebook and Twitter all disclosed that they'd been compromised, but Butterfly's activities go back to 2012 and their attacks have continued to increase to this day.

Butterfly launches custom malware of their own design – sophisticated enough to include its own help files – onto any computer inside a corporation. From there, it looks to move from an end user computer to an e-mail server where it can capture all of the e-mail that moves through that organization. Once it has collected a certain amount of data, it sends the information to a website where it can be viewed by a Butterfly member and sold to the highest bidder.

“This is a group that has the discipline and the organizational skills of a nation state, but they've pointed it towards out and out crime,” says Kevin Haley, director of Security Response at Symantec – the cyber security firm that has been investigating Butterfly since they came to public attention.

Symantec suspects that the group numbers anywhere from eight to ten people and is based in North America, given that its members seem to work according to American time zones and parts of the code indicate a familiarity with American pop culture, including the meme “All Your Base Are Belong to Us!”

What's at stake are corporate secrets and intellectual property, so it may not seem like Butterfly has a direct impact on the customer the way credit card or identity theft does, but Haley says these activities can have a great impact on the average person in the long term.

“If you trade stocks, you may end up not making as much money as the person who received illegal information. The products may end up costing more and people could lose their jobs if a rival ends up building a better mouse trap faster because they had access to a competitor's plans,” Haley told Yahoo Canada.

Besides, Haley points out that just the news of being hacked makes customers more reluctant and paranoid about doing business with victimized companies.

“If you find out that anyone you do business with has been hacked into and things have been stolen, it gives you pause and that's one of the reasons companies have been very reluctant to come forward and admit that this has happened to them.”

So what can companies do to better secure their systems and data? According to Haley, it’s actually not dissimilar from what Symantec recommends the average person do to protect their own networks at home.

“There's a lot of best practices that are not being followed,” says Haley. “Companies need to review their security plans, make sure they're following best practices, make sure they have good security software and good plans in place. The big thing is, people need to start thinking about the data they have and how to protect it. This includes not just customer information, but intellectual property.”

You'd think large, multi-billion dollar corporations would have more of a handle on all this, but Haley recommends basic things like making sure your security software is patched and up-to-date, making sure you have security software on all your company computers and making sure you have a policy that details what you do if you suspect that an attacker has gotten inside.

“In 2014, five out of every six large corporations had actually been targeted for attack,” says Haley.

“These people are persistent; eventually they will find a way in, and if they get in, are you prepared? Do you have a team that is trained on what to do if you suspect an attacker has got in, so that you can react to it and minimize the effects of them breaking in?”