Ex-GCHQ Boss: Nation State Cyber-Attacks Affect Everyone

Cyber attacks by cyber states used to be a small part of the problem for state authorities to address, but now all organisations are potential targets of nation state attacks, according to Robert Hannigan speaking out at Infosecurity18 in Loondn, followimg his move from running GCHQ to the private sector. 

“We are seeing a cross over between nation states and criminal groups acting on their behalf, sometimes with the same people working on nation state cyber activities by day and criminal activities by night,” he told Infosecurity Europe 2018 in London.

“However, most cyber-attacks, even the most sophisticated nation state attacks, exploit the same things, namely poor patching, network configuration and password management, so simply by doing the basics properly, 80% to 90% of attacks can still be prevented or mitigated,” he said.

The other piece of good news, said Hannigan, is that most company boards now understand the importance of good cyber security and are planning to invest more in this area, and this has been accelerated by the need to comply with the General Data Protection Regulation (GDPR).

Hannigan said he was also encouraged and delighted by the success of the National Cyber Security Centre’s Active Cyber Defence Programme.

“This is being piloted in government with the plan of rolling this out nationally through internet service providers. This programme is demonstrating that it is possible to take effective measures at a national level, and the UK is leading the way internationally in this kind of experimentation,” he said.

A Commoditised Industry
One of the biggest changes in recent years that Hannigan highlighted is the fact that cyber criminals no longer need technical skills to mount attacks.

“The number of cyber-crime actors and cyber-attacks is increasing mainly due to the availability of cyber-crime tools and services on the deep or dark web,” he said. “Cyber-attacks are now cheaper and easier than ever, and that has helped to escalate the threat.”

This commoditised industry is being driven by organised crime groups that are able to pull in whatever skills they need from anywhere in the world, said Hannigan.

“The commodity crime-ware market is the ultimate gig economy. It is a powerful business model, and the top groups have an impressive agility in moving from one money making opportunity to the next,” he added.

However, Hannigan said cyber criminals typically go after the easiest, softest targets. “For cyber defenders, this means it is really about hardening everything to the point that it is not worth the attacker’s effort rather than achieving perfection,” he said.
Defenders also need to be aware that attackers are now scanning for common vulnerabilities, said Hannigan, which means they will strike wherever they find an opportunity, adding that this is an area where attackers are most likely to start using artificial intelligence (AI) technology.

“Many companies that thought that they were below the radar have woken up to this threat when they became collateral damage, because they had the same vulnerabilities in their networks as attack targets,” he said.  

Threat of Nation State Attacks
Returning to the topic of nation state attackers, Hannigan said the main actors are North Korea, Iran and Russia.
While North Korea is focused on stealing foreign currency in the digital world as it is in the physical world, he said Iran is “good at calibrating cyber-attacks for effect”, which is why a cyber response is expected if the nuclear deal with six world powers collapses.

“Russia is at the higher end and we have been locked in a cyber conflict with them for a while,” said Hannigan, adding that Russia has invested a significant of time and money in developing its cyber capabilities in the past 10 years.

“Although we have seen Russian activity since the early 90s, what has changed is the decision to weaponise its cyber activity, from disrupting power supplies in Ukraine to disruption election in the US and elsewhere.

“Attacks on utility and energy companies is a great political weapon, and although these attacks use traditional techniques such as spear phishing and watering hole attacks, they are taking these techniques to a new level by sending phishing emails from within company networks and compromising legitimate websites for watering hole attacks,” he said.

Hannigan also expressed concern about the ability for cyber actors to compromise supply chains to infect software updates and equipment.

“A network router is a worrying place to find any unauthorised party, especially if it is a state actor who is willing to do damaging things and who is getting more sophisticated, more brazen and less worried about getting caught,” he said.

In this context, Hannigan said the “risk of miscalculation and unintended consequences is huge” and although no one has been hurt or killed as the result of cyber-attacks, if malicious actors are increasingly tampering things such as medical equipment, it is “only a matter of time”.

The current state of the cyber threat landscape, said Hannigan, means that while old the old threats and risks will never go away, organisations need to look at the emerging threats to ensure they are able to counter these in the future.

“New problems will be amplified by the expansion of the attack surface mainly due to the proliferation of devices making up the internet of things,” said Hannigan.

“There is evidence that the market will not self-correct, so we need to find ways of changing that, which could be a mix of legislation. But in the meantime, organisations should be looking at what is connecting to their networks, evaluate the security risk, and mitigate that,” he said.

Hannigan also cautioned organisations about the need to ensure that they are paying enough attention to security in the cloud.

“Many cloud providers claim that data in the cloud is typically safer than on premise, and generally that is true because cloud service providers typically have greater security resources than their customers, but there are caveats, as outlined in NSCS guidance, and organisations should ensure they look at that.”

Computer Weekly

You Might Also Read: 

Former Spy Chief Takes Top Cybersecurity Job:

N.Korea Will Target UK Financial Services:
 

« Pentagon Faces Big Challenges In Retaining Cyber Talent
Aircraft Can Be Successfully Hacked In-Flight »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

Sabasai

Sabasai

Sabasai specialises in all aspects of insider threat management from training and education to building security frameworks and insider threat programs to on-site risk & vulnerability assessments.

DataProtect

DataProtect

DataProtect is a specialized information security company providing consultancy, information management, integration and training services.

Wipro

Wipro

Wipro Limited is a leading global information technology, consulting and business process services company.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

FortifyData

FortifyData

FortifyData is the next generation of cyber risk management–a comprehensive platform that continuously evaluates your third-party, internal and people risks.

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Wavex Technology

Wavex Technology

Wavex Technology is an award winning IT Services firm offering clients a secure and fully managed IT service.

BalkanID

BalkanID

BalkanID is an Identity governance solution that leverages data science to provide visibility into your SaaS & public cloud entitlement sprawl.

Traceable

Traceable

Traceable was founded to protect applications from next-generation attacks.

ACI Learning

ACI Learning

ACI Learning - Training tomorrow’s industry leaders with formats for all types of learners in Audit, Cybersecurity, and IT.

InfoSec Brigade

InfoSec Brigade

InfoSec Brigade offers a suite of specialized solutions that help businesses to mitigate risk by integrating cyber and IT security protocols with business goals.

MLSecOps Community

MLSecOps Community

The MLSecOps Community is a collaborative space for machine learning security experts and industry leaders to connect and shape the future of AI/ML security.

Cybermate

Cybermate

Cybermate is the first affordable, gamified ‘Psybersecurity’ awareness training platform that reduces behavioural risk and achieves compliance with Australian cybersecurity standards.

GrabDefence

GrabDefence

GrabDefence enables digital businesses to thrive by safeguarding their ecosystem against fraud risk, digital identity threats and compliance challenges.