CISSP Growth of Criminal Activity Against Data – Bk1D1T4St3

Growth of Criminal Activity Against Data
The value of data varies greatly, and criminals are acutely aware of which data will bring the best return with the least risk. Identity theft and credit card fraud, according to the FBI and other law enforcement organizations, are significantly underreported, and the cases are often complex, making prosecution difficult. Other forms of intellectual property, such as source code, digital media content, and research, are also frequently the target of criminal actors.

Individual Actors
The widespread availability of personal data, coupled with lax controls, has made it relatively easy for individual criminals to target digital assets. Many significant and costly breaches have been accomplished by individuals with single computers and a dial-up Internet connection.
This is likely to continue as connectivity spreads to parts of the world where the return on hacking and identity theft relative to the risk of being caught is significantly in favor of the hacker. In many developing countries, the lack of cybersecurity expertise is even greater than in other parts of the world, precisely because talented and trained individuals seek more lucrative employment opportunities. Further compounding the problem is that information security practices in developing countries often lag behind the industry, and this allows attacks that would be unsuccessful elsewhere to be effectively used in these areas.
The development of simplified tools that make attacks available to less technical actors also creates opportunities for individuals to profit from theft of media. Dozens of tools, like Metasploit, w3af, Core Impact, and others, can be misappropriated to compromise the systems they are designed to evaluate. Individual actors are often motivated by the publicity or professional recognition of their skills. To take advantage of this, many organizations offer bug bounties to reward individuals who identify security flaws so they can be remediated.

Organized Crime
While attacks have traditionally been perpetrated by individuals, recent investigations suggest that continuing criminal enterprises (organized criminal gangs) are targeting sensitive information. In June 2017, a group of individuals in New York associated with the Bloods gang imprinted credit cards with stolen identity information and charged hundreds of thousands of dollars in shopping trips to local stores. The gang created the cards using blank Visa, MasterCard, and American Express cards, including some that used chip-and-pin technology.
Credit card information remains one of the most valuable commodities for thieves internationally. In May 2016, members of the Yakuza executed 14,000 withdrawal transactions against accounts held by the South Africa Standard Bank using ATMs at 7-Eleven convenience stores over a 3-hour period, withdrawing 1.4 billion yen ($13 million). The carefully selected targets, timing, and synchronization of the attack are typical of the actions of organized criminals.

Cyber Warfare—Nation-State Actors
Nation-state actors are acutely aware that more information is now made available electronically and greater reliance is placed on information systems to manage that information. The larger goals and constraints under which the cyberwarfare activities occur are unique to each country, but it is clear that some nation-state actors are using cyber means to sustain their economies, disrupt other nations’ political processes, gain economic advantage, or provide a collateral capability to disrupt their enemies as part of a larger military effort.
To accomplish their respective goals, the various nation-state actors have developed sophisticated tools, identified weaknesses in their targets’ infrastructures, and deployed sophisticated monitoring solutions directed at compromising the security of the information. Many of these nation-state actors make no distinction between private- and public-sector organizations and often find lucrative information in private corporations with relatively lax security controls. It is not unfair to say that any organization that has unique intellectual property either has been or will be the target of nation-state actors.
Nation-state actors are equally interested in developing appropriate defenses against cyber threats. The same skills that allow the development of technical capabilities to compromise systems are closely aligned with the skills necessary to secure the same systems. Consequently, most of the nation-state organizations dedicate part of their resources to defending against threats in cyberspace by identifying best practices, providing research, and, where appropriate, communicating vulnerability information to others to allow them to remediate weaknesses.
The nation-state actors have often been closely associated with industries inside their borders. It is not surprising that individuals who develop skills inside their governments’ cyberwarfare operations would subsequently seek to profit from that knowledge by developing products in the private sector. Nevertheless, their previous association may create concerns for their customers, who want to ensure that their supply chain has not been compromised. Information security professionals should be aware of those potential associations so appropriate controls can be applied.
Organizations that become targets of nation-state actors face a daunting challenge. Not only do the attackers have interests in a wide range of information, their sophisticated tools combined with the skill, numbers, and persistence of the attackers make defending against a nation-state actor a difficult proposition. Proper threat modeling and well-deployed defenses provide the best chance for organizations to defeat nation-state actor attacks.

United States
The United States government has a number of organizations that develop technical capabilities to compromise information systems. The largest of these organizations, the National Security Agency (NSA), has more than 30,000 employees.
Tasked with monitoring communications outside the United States, the NSA has developed sophisticated tools to exploit target infrastructures. Some sense of the scope of these capabilities was revealed when Edward Snowden, an NSA contractor, exfiltrated approximately 1 million documents from classified networks using his privileges as a systems administrator. These documents detailed a wide range of zero-day attacks and other methods that the U.S. government had developed to support intelligence collection activities. WikiLeaks subsequently published thousands of the documents.
The NSA has also developed capabilities to protect U.S. government networks from compromise. Through the work of the Information Assurance Directorate, the NSA publishes best practices for securing systems, networks, and devices.
The United States, like other countries, often shares intelligence information with its partners. In 2017, the director of the NSA testified before Congress that the United States had warned France, Germany, and the United Kingdom that the Russian government was actively working to influence elections in their respective countries. While this did not prevent the theft and republication of nine gigabytes of data from one of the candidates in the French elections, the forewarning allowed the French candidate time to inject false messages into the information set, degrading the overall impact of the disclosure.

Some of the other agencies with separate but sophisticated capabilities include the Department of Defense (DoD), the Central Intelligence Agency, and the Department of Justice. All of these agencies rely on specific legislative authority to conduct their monitoring and other activities.

United Kingdom
The National Cyber Security Centre (NCSC) provides capabilities for the United Kingdom similar to those the NSA provides for the U.S. government. Pulling together a number of organizations that had separate functions under the Government Communications Headquarters (GCHQ), the NCSC provides technical capabilities to support governmental requirements and publishes best-practice security guidance that is widely applicable to both private- and public-sector organizations.
The GCHQ and its predecessor agencies have been at the forefront of cryptographic work for decades. The team of Allied cryptanalysts stationed at Bletchley Park during World War II succeeded in compromising many Axis ciphers, notably the Enigma system. Later, in the 1970s, the development of public key exchange mechanisms was first accomplished by UK cryptographers.

China
The People’s Republic of China has a well-funded and highly capable technical capability to gather intelligence against both military and civilian targets. At the forefront of Chinese hacking efforts are members of Unit 61398, which has deployed advanced persistent threat agents against governments and companies in the United States, Canada, Australia, members of the European Union, and others to collect a wide variety of intellectual property, personally identifiable information, and information on critical infrastructures. Internally, the Chinese government conducts extensive monitoring of the use of the Internet inside China, limiting access points and censoring materials believed to violate Chinese law. The Chinese government has acknowledged that it has more than 2 million people employed as content censors.

North Korea
North Korea presents a unique problem to information security professionals worldwide. Not only do they have a well-funded and technically capable cyberwarfare capability, but they have actively used that capability to steal information and money and compromise entities that they feel threaten their regime. While the Democratic People’s Republic of Korea does not publicly admit that they are behind these attacks, private researchers and intelligence services worldwide have come to recognize the unique signatures of North Korean hacking operations.

International sanctions imposed on the regime have caused their cyberwarfare operators to focus on targets with a significant financial return. Some of the attackers’ primary targets have been banks, with intrusions documented in more than 18 countries. Other targets include casinos and software developers in the financial services industry. According to the New York Times, the North Korean hacking efforts generate more than 1 billion dollars in revenue annually to the regime. Probably the most recent area of focus by the attackers has been to use and compromise cryptocurrency. The WannaCry virus, although it leveraged an exploit allegedly developed by the NSA, was attributed to North Korean hackers. The virus infected more than 200,000 computers in more than 150 countries, but the effect was amplified in organizations that lacked effective patch management and used legacy operating systems.
Analysis of the attack suggests that the financial return to the attackers was fairly limited, particularly when security researchers publicly announced that few who paid the ransom actually recovered their data. Subsequent attacks on multiple bitcoin exchanges were probably more lucrative. South Korean officials have identified at least four separate attacks on bitcoin exchanges, each generating tens of millions of dollars and in one case causing the exchange to declare bankruptcy.

Others
The long-simmering animosity between India and Pakistan has been escalated to cyberspace on several occasions. While both countries have skilled cyberwarfare specialists, the respective national interests are often abetted by hackers outside the governments.
Both countries had multiple websites compromised on their respective independence days in 2017, events not likely to be the work of intelligence operatives trying to maintain anonymity.
The Ukrainian government has attributed a series of cyber attacks on its infrastructure to the work of Russian intelligence services. Russian attackers have been credited with compromising accounts in the Yahoo.com mail service and have been accused of using Kaspersky antivirus/antimalware tools to extract information from machines where they were installed.
Most other nation-states have some level of technical capability, often purchased from companies like Lench IT Solutions’ FinFisher, Trovicor, and Hacking Team, among others. Their tools are used by law enforcement and other governmental organizations in dozens of countries, within the legal framework of the nation-state.
Nation-state actors will continue to use technical tools to compromise systems when they believe it is in their national interest to do so. Whether to gain economic advantage, acquire information on military capabilities, or monitor internal political dissent, the tools to accomplish these ends exist. Security professionals must remain aware of the changing threat environment and their areas of vulnerability to protect their information assets from inappropriate disclosure. 
