Ex-GCHQ Boss: Nation State Cyber-Attacks Affect Everyone

Cyber attacks by cyber states used to be a small part of the problem for state authorities to address, but now all organisations are potential targets of nation state attacks, according to Robert Hannigan speaking out at Infosecurity18 in Loondn, followimg his move from running GCHQ to the private sector. 

“We are seeing a cross over between nation states and criminal groups acting on their behalf, sometimes with the same people working on nation state cyber activities by day and criminal activities by night,” he told Infosecurity Europe 2018 in London.

“However, most cyber-attacks, even the most sophisticated nation state attacks, exploit the same things, namely poor patching, network configuration and password management, so simply by doing the basics properly, 80% to 90% of attacks can still be prevented or mitigated,” he said.

The other piece of good news, said Hannigan, is that most company boards now understand the importance of good cyber security and are planning to invest more in this area, and this has been accelerated by the need to comply with the General Data Protection Regulation (GDPR).

Hannigan said he was also encouraged and delighted by the success of the National Cyber Security Centre’s Active Cyber Defence Programme.

“This is being piloted in government with the plan of rolling this out nationally through internet service providers. This programme is demonstrating that it is possible to take effective measures at a national level, and the UK is leading the way internationally in this kind of experimentation,” he said.

A Commoditised Industry
One of the biggest changes in recent years that Hannigan highlighted is the fact that cyber criminals no longer need technical skills to mount attacks.

“The number of cyber-crime actors and cyber-attacks is increasing mainly due to the availability of cyber-crime tools and services on the deep or dark web,” he said. “Cyber-attacks are now cheaper and easier than ever, and that has helped to escalate the threat.”

This commoditised industry is being driven by organised crime groups that are able to pull in whatever skills they need from anywhere in the world, said Hannigan.

“The commodity crime-ware market is the ultimate gig economy. It is a powerful business model, and the top groups have an impressive agility in moving from one money making opportunity to the next,” he added.

However, Hannigan said cyber criminals typically go after the easiest, softest targets. “For cyber defenders, this means it is really about hardening everything to the point that it is not worth the attacker’s effort rather than achieving perfection,” he said.
Defenders also need to be aware that attackers are now scanning for common vulnerabilities, said Hannigan, which means they will strike wherever they find an opportunity, adding that this is an area where attackers are most likely to start using artificial intelligence (AI) technology.

“Many companies that thought that they were below the radar have woken up to this threat when they became collateral damage, because they had the same vulnerabilities in their networks as attack targets,” he said.  

Threat of Nation State Attacks
Returning to the topic of nation state attackers, Hannigan said the main actors are North Korea, Iran and Russia.
While North Korea is focused on stealing foreign currency in the digital world as it is in the physical world, he said Iran is “good at calibrating cyber-attacks for effect”, which is why a cyber response is expected if the nuclear deal with six world powers collapses.

“Russia is at the higher end and we have been locked in a cyber conflict with them for a while,” said Hannigan, adding that Russia has invested a significant of time and money in developing its cyber capabilities in the past 10 years.

“Although we have seen Russian activity since the early 90s, what has changed is the decision to weaponise its cyber activity, from disrupting power supplies in Ukraine to disruption election in the US and elsewhere.

“Attacks on utility and energy companies is a great political weapon, and although these attacks use traditional techniques such as spear phishing and watering hole attacks, they are taking these techniques to a new level by sending phishing emails from within company networks and compromising legitimate websites for watering hole attacks,” he said.

Hannigan also expressed concern about the ability for cyber actors to compromise supply chains to infect software updates and equipment.

“A network router is a worrying place to find any unauthorised party, especially if it is a state actor who is willing to do damaging things and who is getting more sophisticated, more brazen and less worried about getting caught,” he said.

In this context, Hannigan said the “risk of miscalculation and unintended consequences is huge” and although no one has been hurt or killed as the result of cyber-attacks, if malicious actors are increasingly tampering things such as medical equipment, it is “only a matter of time”.

The current state of the cyber threat landscape, said Hannigan, means that while old the old threats and risks will never go away, organisations need to look at the emerging threats to ensure they are able to counter these in the future.

“New problems will be amplified by the expansion of the attack surface mainly due to the proliferation of devices making up the internet of things,” said Hannigan.

“There is evidence that the market will not self-correct, so we need to find ways of changing that, which could be a mix of legislation. But in the meantime, organisations should be looking at what is connecting to their networks, evaluate the security risk, and mitigate that,” he said.

Hannigan also cautioned organisations about the need to ensure that they are paying enough attention to security in the cloud.

“Many cloud providers claim that data in the cloud is typically safer than on premise, and generally that is true because cloud service providers typically have greater security resources than their customers, but there are caveats, as outlined in NSCS guidance, and organisations should ensure they look at that.”

Computer Weekly

You Might Also Read: 

Former Spy Chief Takes Top Cybersecurity Job:

N.Korea Will Target UK Financial Services:
 

« Pentagon Faces Big Challenges In Retaining Cyber Talent
Aircraft Can Be Successfully Hacked In-Flight »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

eSecurityPlanet

eSecurityPlanet

eSecurity Planet is the IT professional's top choice for Internet security news and analysis, technical tutorials, product reviews, and buying guides.

Exatel

Exatel

Exatel is Poland’s leading provider of ICT security services.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

TrainACE

TrainACE

TrainACE, is a professional computer training school offering courses in information technology with a focus on Advanced Security training.

LEPL Cyber ​​Security Bureau - Georgia

LEPL Cyber ​​Security Bureau - Georgia

The aim of the LEPL Cyber Security Bureau is to create and strengthen stable, efficient and secure systems of information and communications technologies.

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group, Ltd. (STIGroup) is an innovative firm that provides CyberSecurity consulting, secure IT engineering, managed security services, and human capital solutions.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.