Who is hacking your network, and why are you being targeted?

Historically, hackers operated in limited cells consisting of small-scale networks of highly trained individuals. The aim was clear: to extort businesses and VIPs for economic gain. Today the paradigm has shifted in both who is perpetrating cyber-crimes as well as what they intend to achieve.

While financial motivation still guides many cyber incidents, increasingly malware and social engineering tactics have been used to influence elections, attack critical infrastructure and even steal vaccine research. Far beyond the scope of opportunists, state actors are utilizing hackers and cyber-criminal networks to devastating effect.

Bringing military capabilities into the hands of cyber terrorists, the rise of state actors has completely alter the cyber security ecosystem.

In this blog we’ll take a look who are the most prominent states using cyber-attacks to gain their economic and political aims, how military grade cyber technology is being used to impact the private sector as well as some basic tools to decrease your cyber risk.

Who are the players?

The players in cyber warfare are as diverse as they are malicious. Composed of ad hoc hacker networks, highly skilled global organizations of cyber mercenaries, and increasingly, state-sponsored groups who have massive financial backing, murky end goals, and no desire to take prisoners.

According to the Council on Foreign Relations “since 2005, thirty-three countries are suspected of sponsoring cyber operations. China, Russia, Iran, and North Korea sponsored 77 percent of all suspected operations. In 2019, there were a total of seventy-six operations, most being acts of espionage.”

Iran

With a full range of traditional and soft power elements exerting influence worldwide, in recent years the Iranian regime has begun to complement its military strategy by increasingly relying on military supported hacking programs.

According to Yigal Unna, director-general of the Israel National Cyber Directorate, in April 2020 the Islamic Republic of Iran conducted “synchronized and organized attacks that could have not only cut off water to the country's population in the middle of the coronavirus crisis but also have harmful or even disastrous consequences by the addition of the wrong proportions of chemicals such as chlorine into the water.”

Unna suggested the cyber-attack on Israel's water infrastructure was the first attack of its kind in history.

The Iranian regime attempt to "increase of the chlorine would have likely triggered an automatic shutdown of the pumping stations, cutting the water supply to tens of thousands of civilians and facilities, according to the official, who said hundreds of people would have been at risk of becoming ill.”

While a traditional military intervention could result in the loss of life to combatants, Iran’s attempt to compromise Israel’s domestic water supply used the cyber domain to attempt to severely injure millions of civilians.

Russia

While Iran has focused on using cyberwarfare to harm national infrastructure, the Russians have used hacking to target intellectual property connected to covid-19 research. According to UK security minister James Brokenshire, “Britain is more than 95% sure, that Russian state-sponsored hackers targeted UK, US and Canadian organizations involved in developing a coronavirus vaccine.”

Russian state-backed hackers have previously been accused of infiltrating computers used by sports anti-doping agencies as well as stealing data from Swiss chemicals laboratory where novichok nerve agent samples from the Salisbury attack were analyzed. From a political standpoint, the Russians have also been accusedof hacking the Democratic National Committee as well as dozens of international sporting organizations.

China

China is consistently cited as one of the leading forces behind the use of hackers for prolific cyber espionage attacks. Chinese cyber-attacks directed against western powers, especially the United States, have become so prevalent that they merited a new category name: Advanced Persistent Threats (APT).

The Chinese military has even formed a specialized unit (PLA Unit 61398), that is composed of experienced hackers. Unit 61398 has stood at the forefront of numerous espionage campaigns targeting critical infrastructural and counter-surveillance.

China has used the Covid-19 global pandemic as the spark plug to ignite its global hacking program.

According to Wired “State-sponsored actors working on behalf of the Chinese government and its security services have tried to “profit from the crisis” and steal information that could be beneficial to the country, a senior Western security source says. These include attacks on a major social care company in the UK.”

Beijing has denied stealing intellectual property and, in response has accuses the US of similar cyber-attacks targeting Chinese Community Party officials. Moscow has repeatedly denied state involvement in cyber-attacks.

What can you do to protect your assets?

Prioritizing email security & training your staff in cyber best practices are the most effective and cost-conscious way to keep your data secure. With 94% of malware entering businesses security perimeter through email attachments, integrating additional security layers at the email gateway is key.

While less is more might be the adage in fashion and design, for security more is more is a bit more accurate.

Legacy systems, such as antivirus or sandboxes-based protection elements are vital to securing your data from known threats, but they still leave significant gaps for system bypasses and deep hacks. To counter these zero-day attacks innovative ATP products such as CDR should be implemented to enhance and complement existing cyber security protocols.

To consult with a cybersecurity expert contact us at info@odi-x.com