Nation State Cyber Attacks

No target is too insignificant for the big player hackers.

Compared with the cost of conventional weapons, cyber is a relatively cheap method of attack and defence.  Military hardware is heavily dependent on technology, requiring high-level computer skills to keep it running but exposing it to the same risks as other computerised systems.  Any serious disruption to front line military hardware will bring on a full scale shooting war.  The current aim of Nation State cyber-attacks is to gain knowledge and disrupt while keeping well away from any casus belli.

Attacks are likely to stay away from obvious military or infrastructure targets and aim for the soft underbelly.  That is looking to be the supply chain.  Disrupt the supply of the ‘thing-ummy bob’ and you can win the war (thank you to Gracie Fields).  Fortunately there is no all-out war and hopefully there is not going to be one, but Nations need to prepare for the worst.  Having an offensive cyber strategy is only any use if you know that it works.  That must involve trying it out.  This requires some subtle deployments to ensure that not too much fuss is caused.  As a bonus the operation might make a little cash on the side through ransomware.

In the UK the National Cyber Force has been established to counter threats including those from Nation States.  Governments have taken action against foreign cyber threats by restricting which countries can operate or supply hardware.  Huawei 5G hardware has been banned in the UK and USA because of possible threats from the firmware running the devices.   Steps such as these do reduce the Nation State threat but tend to shift the attacker’s sights onto softer and less obvious targets within the business world.

In 2020 the SolarWinds Orion platform was compromised by the hacker group Nobelium.  Orion is a core SolarWinds product concerned with network monitoring and analysis.  In SolarWinds’ own words Orion is ‘One vendor. One platform. One single pane of glass’; Nobelium threw a brick through the glass.  The vulnerability has since been fixed, but this was a sophisticated attack delivered through official SolarWinds patches that could harvest users’ data without any obvious effects on Orion’s performance.  No nation has admitted responsibility for sponsoring Nobelium but it clearly has access to substantial resources.

The implication for industry is that any business could be the target of an attack, even through well established and trusted suppliers.  Unlike ransomware or Denial of Service incidents, there may not be any signs within the system that an attack has taken place.  A recommended safeguard is always to ensure that systems are patched to the latest version.  Unfortunately the SolarWinds Orion attack was delivered through its own patches.  Although this distribution method could be used again, patching should never be discontinued or delayed.  The risks from zero day attacks are to be judged greater than those from malware within patches.

Combatting Nation State Attacks

Bulletins from trusted security sources should be monitored for news on compromised systems.  Kindus display a selection of trusted security incident news feeds.

Analysis of local log files will provide evidence of suspect activity.  Commercial software will sift through copious log output, report trends and alert on unexpected events.  Suspicious activity to look out for would include:

  • Multiple log-in failures
  • Access from unexpected IP addresses
  • Unusual activity within infrequently used accounts
  • Password changes for admin accounts
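
The four checks above can be run over an authentication log with a short script. This is an added example, not Kindus code: the log format, account names, addresses, thresholds and the `LAST_SEEN` baseline are all constructed assumptions, and ‘infrequently used’ is modelled as a successful log-in after 30 idle days.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, event, account, source IP.
SAMPLE_LOG = """\
2024-05-01T08:59:10 LOGIN_OK alice 10.0.4.21
2024-05-01T09:00:01 LOGIN_FAIL bob 10.0.4.30
2024-05-01T09:00:05 LOGIN_FAIL bob 10.0.4.30
2024-05-01T09:00:09 LOGIN_FAIL bob 10.0.4.30
2024-05-01T09:14:40 LOGIN_OK carol 203.0.113.7
2024-05-01T09:20:00 LOGIN_OK svc_backup 10.0.9.2
2024-05-01T09:21:30 PASSWORD_CHANGE admin 10.0.9.2
corrupted entry
"""

# Assumed local policy and baseline; replace with your own values.
EXPECTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ADMIN_ACCOUNTS = {"admin", "root"}
FAIL_THRESHOLD, FAIL_WINDOW = 3, timedelta(minutes=5)
DORMANT_AFTER = timedelta(days=30)
LAST_SEEN = {"alice": datetime(2024, 4, 30), "carol": datetime(2024, 4, 29),
             "svc_backup": datetime(2024, 1, 15)}  # last successful log-in

def analyse(log_text):
    """Return (rule, account, source_ip) alerts in log order."""
    alerts, fails, last_seen = [], defaultdict(list), dict(LAST_SEEN)
    for line in log_text.splitlines():
        try:
            ts, event, user, ip = line.split()
            when, addr = datetime.fromisoformat(ts), ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line: skip it rather than abort the run
        if not any(addr in net for net in EXPECTED_NETS):
            alerts.append(("unexpected_ip", user, ip))
        if event == "LOGIN_FAIL":
            # Keep only failures inside the sliding window, then add this one.
            fails[user] = [t for t in fails[user] if when - t <= FAIL_WINDOW] + [when]
            if len(fails[user]) == FAIL_THRESHOLD:  # alert once per burst
                alerts.append(("multiple_failures", user, ip))
        elif event == "LOGIN_OK":
            prev = last_seen.get(user)
            if prev and when - prev > DORMANT_AFTER:
                alerts.append(("dormant_account_active", user, ip))
            last_seen[user] = when
        elif event == "PASSWORD_CHANGE" and user in ADMIN_ACCOUNTS:
            alerts.append(("admin_password_change", user, ip))
    return alerts
```

Calling `analyse(SAMPLE_LOG)` returns one alert per indicator; the service-account log-in and the admin password change arriving from the same address within minutes of each other is the kind of correlation worth escalating.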

If there is evidence of an attack, any compromised systems should be isolated from the network.  It is unlikely that this is the sole target of an attack.  Web searches for similar incidents should provide additional information or confirm that any reports are ‘normal’ for the situation in question.  In the UK suspected cyber-crime incidents should be reported to the National Cyber Security Centre.

 
