What’s Motivating Hackers?
The highly politicized 2016 cyber attacks on the U.S. feel ever-present in the media and it’s hard to tell the truth from the spin.
In 2016, we saw two high profile Russian cyber attacks on the U.S. In June, it was reported by the Washington Post that Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.
The Wall Street Journal in December reported that Russian hackers tried to penetrate the computer networks of the Republican National Committee, using the same techniques that allowed them to infiltrate its Democratic counterpart, according to U.S. officials who have been briefed on the attempted intrusion.
The Rise of State Sponsored Cyber Attacks
Within the last decade we learned that nation states were developing cyber attack capabilities. At the time, we assumed these were tools they kept in their arsenal but were not willing to deploy. Now we see that, in many cases, nation states are the most active adversaries: they are experimenting with new tools, techniques and ways of influencing U.S. policy through cyber attacks.
We see nation states, with Russia and China among the top players, moving from traditional malware tools to attacking the human element within an organization and attacking the supply chain. So it’s not just the ones-and-zeros part of an attack that’s sophisticated; it’s also the exploitation of other weak points within an enterprise.
In addition, criminal groups are adopting the same tools and techniques, so the gap between deployment by a nation state and deployment by a criminal group, in both time and quality, is shrinking.
What’s Motivating Cyber Attacks?
Let’s look at the top two players. First, while the Russians have been very active in hacking information they can use in a broad information campaign, they remain committed to hacking business information that will improve their competitive standing in the world. They are also very interested in collecting military and diplomatic information. They have put significant talent and resources into targeting U.S. government networks to collect the kind of diplomatic information that gives them an advantage in negotiations or strategic decisions, because it lets them predict U.S. strategic positions and decisions.
For cybersecurity professionals, it is important to know that both nation states are engaged in both types of activity. I think the emphasis for the Russians is on political, diplomatic and military information, and the emphasis for the Chinese is on business information.
The primary objective of the Chinese cyber collection capability is to enable their State Owned Enterprises (SOEs) to compete on an economic level. We see a lot of network intrusions that result in exfiltration of intellectual property (IP). That’s a hallmark of Chinese hacking groups, particularly Unit 61398. (In 2014 a federal grand jury in Pennsylvania indicted five people from one of that division’s crews, known as Unit 61398, for stealing trade secrets from companies such as Westinghouse and US Steel; all the defendants remain at large. Source: WIRED.)
Unit 61398’s efforts are emblematic of the Chinese hacking initiative. If you review China’s economic plan, many of its hacking groups are aligned to collect the kind of IP and business technology that will enhance the key activities the country needs to grow its economy.
Improved Network Perimeter Defenses
Whether a Russian or a kid in his pajamas in his mom’s basement, breaches can be preventable.
Tweet this: .@LeoTaddeoCZ says “whether a Russian or a kid in his PJs in his mom’s basement, breaches can be preventable” @Cryptzone
Adversaries continue to get past network perimeter defenses, so more work needs to be done to harden the interior. Cybersecurity professionals need to make it harder for any adversary to operate in sensitive interior segments by deploying basic protections such as robust authentication, segmentation, encryption and logging.
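As an added illustration of what "hardening the interior" looks like in practice (this is example code written for this page, not Cryptzone's product or any code from the original post), the script below evaluates access attempts between interior network segments against a default-deny policy that ties each permitted flow to a minimum authentication strength, refuses cleartext transport, and logs every decision. The segment names, the policy table and the sample attempts are all constructed for the example.

```python
"""Toy interior-segment access policy: default deny, stronger auth for
sensitive segments, encryption required, and a log line for every decision.

Added example for illustration; segment names, policy entries and the
sample access attempts below are constructed, not taken from any real network.
"""
import logging
from dataclasses import dataclass
from typing import Dict, List, Tuple

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("interior-access")

# Rank of authentication strength a session can present.
AUTH_RANK: Dict[str, int] = {"none": 0, "password": 1, "mfa": 2}

# Allowlist of permitted flows between interior segments (constructed):
# (source segment, destination segment, destination port) -> minimum auth level.
# Anything not listed here is denied: that is the segmentation rule.
POLICY: Dict[Tuple[str, str, int], str] = {
    ("user-lan", "web-tier", 443): "password",
    ("web-tier", "db-tier", 5432): "mfa",    # the sensitive segment demands strong auth
    ("admin-jump", "db-tier", 22): "mfa",
}


@dataclass(frozen=True)
class Attempt:
    src: str        # source segment
    dst: str        # destination segment
    port: int       # destination port
    user: str       # identity presented
    auth: str       # "none" | "password" | "mfa"
    encrypted: bool  # whether the transport is encrypted


def evaluate(a: Attempt) -> Tuple[bool, str]:
    """Return (allowed, reason) for one access attempt."""
    required = POLICY.get((a.src, a.dst, a.port))
    if required is None:
        return False, "no policy entry for this flow (default deny)"
    if AUTH_RANK.get(a.auth, 0) < AUTH_RANK[required]:
        return False, f"auth '{a.auth}' is weaker than required '{required}'"
    if not a.encrypted:
        return False, "cleartext transport to an interior segment is not permitted"
    return True, "allowed"


def run(attempts: List[Attempt]) -> List[bool]:
    """Evaluate each attempt, log the decision, and return the allow/deny list."""
    results = []
    for a in attempts:
        ok, why = evaluate(a)
        emit = log.info if ok else log.warning
        emit("%s %s %s->%s:%d auth=%s enc=%s: %s",
             "ALLOW" if ok else "DENY", a.user, a.src, a.dst, a.port,
             a.auth, a.encrypted, why)
        results.append(ok)
    return results


# Constructed sample attempts: one legitimate, three that should be stopped.
SAMPLE: List[Attempt] = [
    Attempt("user-lan", "web-tier", 443, "alice", "password", True),
    Attempt("user-lan", "db-tier", 5432, "alice", "password", True),   # lateral move, no flow allowed
    Attempt("web-tier", "db-tier", 5432, "svc-web", "password", True),  # auth too weak for db-tier
    Attempt("admin-jump", "db-tier", 22, "bob", "mfa", False),          # right auth, cleartext
]

if __name__ == "__main__":
    run(SAMPLE)
```

The point of the example is that each of the four controls named in the paragraph shows up as a separate check: the allowlist is the segmentation, the auth rank is the robust authentication, the `encrypted` flag is the encryption requirement, and the per-decision log line is what an analyst would later search when reconstructing an intrusion.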
Watch the BrightTALK presentation and download the slides to learn more about why traditional technologies are falling short. You’ll gain important advice from the expert on how to secure the network perimeter.