The recent news of FireEye’s security breach has sent shockwaves through the cybersecurity community. What’s more worrisome is that CEO Kevin Mandia has gone on record stating that the intrusion was carried out by a state-sponsored attacker.
As technology and cybersecurity threats evolve, their use as tools of war and espionage has been increasing. The normal rules of warfare don’t readily apply in this theater of conflict, which means that private businesses and even individuals can get caught up in state-sponsored attacks. Here, we’ll break down the who, what, and how of state-sponsored cyber attacks and how they affect businesses in the United States.
What is State-Sponsored Cyber Warfare?
As the name implies, state-sponsored cyber warfare is the use of offensive cyber capabilities, by a government or by groups acting on its behalf, to compromise computer systems and networks in another country, including its critical digital infrastructure. These operations are meant to undermine an enemy or rival and typically serve as one component of larger military, intelligence-gathering, or counter-intelligence operations.
What’s different about state-sponsored cyber warfare is that it doesn’t follow the rules of engagement we’d expect in a conventional war. State-sponsored cyber attacks usually have one of three goals:
- Gathering intelligence on critical assets. This is perhaps the goal most aligned with traditional military intelligence. State-sponsored hackers can use digital technology to steal state secrets like military records, secret governmental information and PII for public figures.
- Extracting money from citizens and private organizations. Financially motivated cyberattacks were, for decades, the purview of individuals and criminal groups running scams or outright theft against private businesses to collect money, or data that could be used for further fraud. Some state-sponsored groups now run the same kinds of operations.
- Finding weaknesses in public and private infrastructure. As public and private technologies become more interconnected, it has become more rewarding for foreign agents to probe both for security weaknesses. Reconnaissance of this kind can lead to large breaches later, or to more opportunities to defraud businesses.
These attacks, being aligned with political or military interests, usually have more resources behind them than ordinary cybercrime, but they often use the same methods to achieve their goals. The sponsoring state will even work through proxies, such as criminal groups or nominally independent contractors, to keep its own hands clean. That deniability is the strength of this kind of warfare: it is hard to officially attribute a state-sponsored attack to anyone.
Where are Attacks Coming From, and Who are They Targeting?
Another advantage of cyber warfare is that it doesn’t require a large investment to get significant results for the attacking party. Because of this, cyber attacks open up an entirely new front for militaries and paramilitary groups that want to attack large targets, like the established economies of the U.S. and Europe.
As such, state-sponsored cyber attacks come from a number of countries:
- In November 2020, Hamas was reported to have run its cyber operations from Turkey, launching attacks against targets in Israel and other countries.
- A North Korean cyber-espionage campaign was identified by the FBI and CISA in October 2020, targeting government entities in South Korea, Japan and the United States.
- China has been one of the leading practitioners of cyber warfare for years, most recently targeting U.S. military-industrial assets. China has also been accused of cyber operations aimed at influencing the 2016 and 2020 presidential elections.
- Russia has notoriously been at the center of an ongoing scandal in which Russian hackers were accused of attempting to influence the 2016 and 2020 presidential elections. This includes allegations, supported by the U.S. intelligence community, that Russian operators compromised the servers of the Democratic National Committee, stole its emails, and released them through intermediaries.
- Iranian hackers have targeted government agencies in neighboring Iraq, Kuwait, Turkey, and the UAE to gather military intelligence. They have also been accused of launching phishing campaigns against universities in several countries, and against the Munich Security Conference, to gather intelligence on foreign policy.
There are no safe havens from cyber warfare, not even in the cloud. The public and private sectors of most developed countries are under some form of attack or counterattack at any given time, and defending against it incurs significant costs in labor and funds. For example, India’s National Cyber Security Coordinator reported that cybercrime cost the Indian economy nearly $17 billion in 2019.
These attacks are not aimed only at military and government agencies. Over the past decade, state-sponsored groups have targeted energy firms and infrastructure, entertainment companies, and, as the FireEye breach shows, security companies themselves.
For example, consider the malware program Regin. Symantec (now Broadcom) reported on the Trojan malware in November 2014, naming it as a significant espionage tool. The complexity of the malware, coupled with the kinds of resources needed for its development, suggests that it was built specifically as a cyber warfare tool for a nation-state.
According to Broadcom, the initial infection predominantly targeted individuals, small businesses, and telecoms.
What this suggests is that sophisticated malware and state-sponsored cyber attacks don’t have to be aimed at a specific industry or company. While they may do more damage in certain sectors, a single sophisticated malware family can compromise organizations across the public and private sectors at massive scale.
How Can Businesses in the United States Defend Themselves?
The first step is to stay ahead of what’s happening in the global cybersecurity space. FireEye itself did not attribute its breach to a specific government, but that kind of non-attribution is unusual. While intrusions are almost always deniable, security agencies and vendors can, and do, make reasoned, evidence-based determinations about the origin country and political affiliation of the group responsible.
Several organizations provide up-to-date information on state-sponsored cyber attacks. MITRE ATT&CK is a publicly available knowledge base of adversary tactics and techniques drawn from real-world intrusions; it also maintains profiles of named threat groups and the techniques and software each has been observed using, which helps security and IT teams understand what modern threats actually look like on the network and check their detections against them.
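ATT&CK group profiles are distributed as STIX 2.1 objects, which is what makes the knowledge base usable programmatically. The following is an added example, not code from the original page or from MITRE: it reads a constructed miniature bundle in ATT&CK’s shape (a fictitious "Example Group", made-up UUIDs, and a few real technique IDs) and lists the techniques that group uses for which no detection is in place. The `attack_id`, `techniques_used_by` and `detection_gaps` helpers and the coverage set are assumptions made for the example.

```python
"""Map a threat group to the ATT&CK techniques it uses and list the ones
with no detection coverage, working from an ATT&CK-style STIX 2.1 bundle.

Added example, not code from the original page or from MITRE.  MITRE
publishes ATT&CK as STIX 2.1 bundles (github.com/mitre-attack/attack-stix-data);
the bundle below is a constructed miniature in that shape.
"""

import json

# Constructed sample in ATT&CK's STIX shape: an intrusion-set (group) and
# attack-pattern (technique) objects joined by "uses" relationships.  The
# UUIDs are made up; the technique IDs (T1566, T1059, T1078, T1086) are real.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "intrusion-set",
         "id": "intrusion-set--aaaaaaaa-0000-4000-8000-000000000001",
         "name": "Example Group", "aliases": ["Example Group", "EXAMPLE-1"]},
        {"type": "attack-pattern",
         "id": "attack-pattern--bbbbbbbb-0000-4000-8000-000000000001",
         "name": "Phishing",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}]},
        {"type": "attack-pattern",
         "id": "attack-pattern--bbbbbbbb-0000-4000-8000-000000000002",
         "name": "Command and Scripting Interpreter",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
        {"type": "attack-pattern",
         "id": "attack-pattern--bbbbbbbb-0000-4000-8000-000000000003",
         "name": "Valid Accounts",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}]},
        # Revoked technique: ATT&CK keeps such objects in the bundle with
        # revoked=true (T1086 PowerShell was folded into T1059.001); skip them.
        {"type": "attack-pattern",
         "id": "attack-pattern--bbbbbbbb-0000-4000-8000-000000000004",
         "name": "PowerShell", "revoked": True,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1086"}]},
        {"type": "malware",
         "id": "malware--cccccccc-0000-4000-8000-000000000001",
         "name": "ExampleRAT"},
    ] + [
        {"type": "relationship",
         "id": f"relationship--dddddddd-0000-4000-8000-00000000000{n}",
         "relationship_type": "uses",
         "source_ref": "intrusion-set--aaaaaaaa-0000-4000-8000-000000000001",
         "target_ref": target}
        for n, target in enumerate([
            "attack-pattern--bbbbbbbb-0000-4000-8000-000000000001",
            "attack-pattern--bbbbbbbb-0000-4000-8000-000000000002",
            "attack-pattern--bbbbbbbb-0000-4000-8000-000000000003",
            "attack-pattern--bbbbbbbb-0000-4000-8000-000000000004",
            "malware--cccccccc-0000-4000-8000-000000000001",
            "attack-pattern--bbbbbbbb-0000-4000-8000-0000000000ff",  # dangling ref
        ], start=1)
    ],
})


def attack_id(obj):
    """Return the ATT&CK ID (e.g. 'T1566') from a STIX object's
    external_references, or None if it has none."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def load_bundle(bundle_json):
    """Parse a STIX bundle and index its objects by STIX id."""
    return {obj["id"]: obj for obj in json.loads(bundle_json)["objects"]}


def techniques_used_by(bundle_json, group_name):
    """Return {technique_id: technique_name} for every non-revoked technique
    the named group (matched by name or alias) is recorded as using."""
    objects = load_bundle(bundle_json)
    group_ids = {
        obj["id"] for obj in objects.values()
        if obj["type"] == "intrusion-set"
        and (obj["name"] == group_name or group_name in obj.get("aliases", []))
    }
    if not group_ids:
        raise KeyError(f"no intrusion-set named {group_name!r} in bundle")
    used = {}
    for rel in objects.values():
        if rel["type"] != "relationship" or rel["relationship_type"] != "uses":
            continue
        if rel["source_ref"] not in group_ids:
            continue
        target = objects.get(rel["target_ref"])  # dangling refs are skipped
        if target is None or target["type"] != "attack-pattern":
            continue  # "uses" also links groups to malware/tools; not wanted here
        if target.get("revoked") or target.get("x_mitre_deprecated"):
            continue
        used[attack_id(target)] = target["name"]
    return used


def detection_gaps(used, covered_ids):
    """Techniques in `used` for which no detection is in place."""
    return {tid: name for tid, name in used.items() if tid not in covered_ids}


if __name__ == "__main__":
    used = techniques_used_by(SAMPLE_BUNDLE, "Example Group")
    # Constructed coverage set standing in for what your SIEM actually alerts on.
    for tid, name in sorted(detection_gaps(used, {"T1566"}).items()):
        print(f"no detection for {tid} {name}")
```

Against the real ATT&CK Enterprise bundle the same functions work unchanged; the points worth carrying over are the `revoked` / `x_mitre_deprecated` filter (the published bundle keeps retired objects so old references still resolve) and the `type` check on the relationship target, since a group "uses" malware and tools as well as techniques.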
Following that, it’s necessary to stay compliant with all regulations in your industry. That includes maintaining minimum levels of data encryption and network protection, data backups, and updated security software. In industries that require third-party auditors (like government work requiring FedRAMP authorization), it means cultivating relationships with auditors, security companies, and compliance consultants to ensure that your organization always has the right security controls in place.
Finally, it’s important to know that the weakest links in any organization are people who don’t understand how to stay safe. Phishing is, and likely will remain, the most common form of attack around, and employees who have not been trained to recognize email scams are the easiest way into an otherwise well-defended network, so regular security awareness training is essential.
Risk Management is Critical for Businesses in Our Digital World
Because many businesses do not see state-sponsored cyber attacks as a realistic threat to them, their risk management strategies don’t address them effectively. As more companies, large and small, come to realize the threat these foreign actors represent, they are beginning to develop more holistic risk management frameworks to deal with it.
Don’t make risk management your least priority. Stay ahead of the increasingly challenging world of global cybersecurity with a partner that can support your governance, auditing, and risk management needs. Call 1-888-896-7580 to discuss your security with Lazarus Alliance experts.