Nation-state cyberattacks: It’s bigger than Iran
- By Craig Hinkley
- Feb 03, 2020
"We are called to be architects of the future, not its victims."
Buckminster Fuller said those words decades ago, but they still ring true, especially as we deal with the reality of nation-state cyberattacks. These attacks are notoriously widespread and far-reaching, hitting multiple industries -- from the private to the public sector, from universities to critical infrastructure and from states and municipalities to the election systems of the United States and all over the world. Now, we’re seeing more attacks focused on exploiting vulnerabilities in the applications and websites themselves.
According to the Center for Strategic and International Studies, there have been many attacks on websites, including the following:
- In February 2019, the U.N. International Civil Aviation Organization revealed that in late 2016 it was compromised by China-linked hackers who used their access to spread malware to foreign government websites.
- In August 2019, China used compromised websites to distribute malware carrying previously undisclosed exploits for Apple, Google and Windows phones.
- In October 2019, a state-sponsored hacking campaign brought down more than 2,000 websites across Georgia, including government and court websites containing case materials and sensitive personal data.
- In December 2019, unknown hackers stole login credentials from government agencies in 22 nations across North America, Europe and Asia.
Most of these nation-state attacks targeted government and defense agencies, as well as high-tech companies, with reported losses well into the millions.
It is very difficult to determine where nation-state attacks originate. Sophisticated hackers disguise their exploits by simulating the tools, code signatures and behavior of other nation-states. In many cases, they work through multiple proxies, making it incredibly challenging to identify the real sources of these threats.
There will be more attacks
There is no doubt that these attacks will keep coming. Our society relies on hyper-connectivity. We are in constant communication and can seamlessly connect in many ways across multiple platforms.
Applications drive much of that connectivity, and the attack surface is expanding. According to IDC’s recent survey, by 2021, “some 25% to 34% of new applications will be composed of 30% open source software. Further, the proliferation of sharing data via [application programming interfaces] is creating a growing collection of potential access points for hackers.”
Verizon’s 2019 Data Breach Investigations Report showed that application attacks are No. 1 among security incidents, and Windows applications are the most common vehicles for malware. Additionally, Verizon reported that nation-state attacks have increased from 12% of attacks in 2017 to 23% in 2018.
How to stay vigilant
For the most part, hackers attack where they have the best chances of success. These victims are often the most vulnerable organizations, such as local governments, hospitals and older critical infrastructure systems that are still operating with outdated and unpatched technology. However, application vulnerabilities and websites are increasingly becoming targets. While these attacks are often advanced and difficult to defend against, it is possible for agencies to protect themselves.
Government IT managers should start by requiring vendors to show their work, asking them to provide evidence about the security solutions, processes and policies used to create their applications. If the applications weren’t developed securely in the first place, it's almost guaranteed that they'll introduce more risk into the organization.
Cybersecurity companies all over the globe offer powerful security tools and procedures and have decades of experience navigating and preventing sophisticated attacks. Agencies must ensure that they're putting these resources into place -- everything from the network and firewall level through the application level and down to the data layer. These steps are not complicated, and they don’t take years or months to implement.
Nation-state attacks aren’t coming from just one country -- it’s a worldwide problem. Staying ahead of nation-state attacks is fundamentally a matter of taking the necessary steps and using vigilance to limit the impact of an attack when it happens.
Craig Hinkley is the CEO of WhiteHat Security.