Ex-GCHQ Boss: Nation State Cyber-Attacks Affect Everyone

Uploaded on 2018-06-11 in NEWS-News Analysis, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

Cyber attacks by cyber states used to be a small part of the problem for state authorities to address, but now all organisations are potential targets of nation state attacks, according to Robert Hannigan speaking out at Infosecurity18 in Loondn, followimg his move from running GCHQ to the private sector. 

“We are seeing a cross over between nation states and criminal groups acting on their behalf, sometimes with the same people working on nation state cyber activities by day and criminal activities by night,” he told Infosecurity Europe 2018 in London.

“However, most cyber-attacks, even the most sophisticated nation state attacks, exploit the same things, namely poor patching, network configuration and password management, so simply by doing the basics properly, 80% to 90% of attacks can still be prevented or mitigated,” he said.

The other piece of good news, said Hannigan, is that most company boards now understand the importance of good cyber security and are planning to invest more in this area, and this has been accelerated by the need to comply with the General Data Protection Regulation (GDPR).

Hannigan said he was also encouraged and delighted by the success of the National Cyber Security Centre’s Active Cyber Defence Programme.

“This is being piloted in government with the plan of rolling this out nationally through internet service providers. This programme is demonstrating that it is possible to take effective measures at a national level, and the UK is leading the way internationally in this kind of experimentation,” he said.

A Commoditised Industry
One of the biggest changes in recent years that Hannigan highlighted is the fact that cyber criminals no longer need technical skills to mount attacks.

“The number of cyber-crime actors and cyber-attacks is increasing mainly due to the availability of cyber-crime tools and services on the deep or dark web,” he said. “Cyber-attacks are now cheaper and easier than ever, and that has helped to escalate the threat.”

This commoditised industry is being driven by organised crime groups that are able to pull in whatever skills they need from anywhere in the world, said Hannigan.

“The commodity crime-ware market is the ultimate gig economy. It is a powerful business model, and the top groups have an impressive agility in moving from one money making opportunity to the next,” he added.

However, Hannigan said cyber criminals typically go after the easiest, softest targets. “For cyber defenders, this means it is really about hardening everything to the point that it is not worth the attacker’s effort rather than achieving perfection,” he said.
Defenders also need to be aware that attackers are now scanning for common vulnerabilities, said Hannigan, which means they will strike wherever they find an opportunity, adding that this is an area where attackers are most likely to start using artificial intelligence (AI) technology.

“Many companies that thought that they were below the radar have woken up to this threat when they became collateral damage, because they had the same vulnerabilities in their networks as attack targets,” he said.  

Threat of Nation State Attacks
Returning to the topic of nation state attackers, Hannigan said the main actors are North Korea, Iran and Russia.
While North Korea is focused on stealing foreign currency in the digital world as it is in the physical world, he said Iran is “good at calibrating cyber-attacks for effect”, which is why a cyber response is expected if the nuclear deal with six world powers collapses.

“Russia is at the higher end and we have been locked in a cyber conflict with them for a while,” said Hannigan, adding that Russia has invested a significant of time and money in developing its cyber capabilities in the past 10 years.

“Although we have seen Russian activity since the early 90s, what has changed is the decision to weaponise its cyber activity, from disrupting power supplies in Ukraine to disruption election in the US and elsewhere.

“Attacks on utility and energy companies is a great political weapon, and although these attacks use traditional techniques such as spear phishing and watering hole attacks, they are taking these techniques to a new level by sending phishing emails from within company networks and compromising legitimate websites for watering hole attacks,” he said.

Hannigan also expressed concern about the ability for cyber actors to compromise supply chains to infect software updates and equipment.

“A network router is a worrying place to find any unauthorised party, especially if it is a state actor who is willing to do damaging things and who is getting more sophisticated, more brazen and less worried about getting caught,” he said.

In this context, Hannigan said the “risk of miscalculation and unintended consequences is huge” and although no one has been hurt or killed as the result of cyber-attacks, if malicious actors are increasingly tampering things such as medical equipment, it is “only a matter of time”.

The current state of the cyber threat landscape, said Hannigan, means that while old the old threats and risks will never go away, organisations need to look at the emerging threats to ensure they are able to counter these in the future.

“New problems will be amplified by the expansion of the attack surface mainly due to the proliferation of devices making up the internet of things,” said Hannigan.

“There is evidence that the market will not self-correct, so we need to find ways of changing that, which could be a mix of legislation. But in the meantime, organisations should be looking at what is connecting to their networks, evaluate the security risk, and mitigate that,” he said.

Hannigan also cautioned organisations about the need to ensure that they are paying enough attention to security in the cloud.

“Many cloud providers claim that data in the cloud is typically safer than on premise, and generally that is true because cloud service providers typically have greater security resources than their customers, but there are caveats, as outlined in NSCS guidance, and organisations should ensure they look at that.”

Computer Weekly

You Might Also Read: 

Former Spy Chief Takes Top Cybersecurity Job:

N.Korea Will Target UK Financial Services:
 

« Pentagon Faces Big Challenges In Retaining Cyber Talent
Aircraft Can Be Successfully Hacked In-Flight »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / Zero Trust Network Access Guide

Perimeter 81 / Zero Trust Network Access Guide

Curious how you can Implement a Zero Trust roadmap with insights from Gartner? Download this free report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Bambenek Consulting

Bambenek Consulting

Bambenek Consulting is an IT consulting firm focused on cybersecurity and cybercrime.

Skyhigh Networks

Skyhigh Networks

Skyhigh is the leading cloud access security broker (CASB) trusted by enterprises to protect their data in thousands of cloud services.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

Ministry of Defence Georgia - Cyber Security Bureau

Ministry of Defence Georgia - Cyber Security Bureau

The aim of the Cyber Security Bureau is to establish and develop stable, effective and secure Information and Communication Technology systems for the Civil Office of MoD of Georgia.

IoT European Research Cluster (IERC)

IoT European Research Cluster (IERC)

IERC brings together EU-funded projects with the aim of defining a common vision for IoT technology and development research challenges.

AdaptiveMobile Security

AdaptiveMobile Security

AdaptiveMobile Security, a world leader in mobile network security, protecting more than 2.2 billion subscribers worldwide.

Pareteum

Pareteum

Pareteum is a leading Global provider of mobile networking software and services. Our mission is to provide a single solution to the problem of fully enabling and securing the Mobile Cloud.

Acuant

Acuant

Acuant is a leading global provider of identity verification, regulatory compliance (AML/KYC) and digital identity solutions.

Quantstamp

Quantstamp

Quantstamp are experts in Smart Contract Security Audits. We provide verification that your decentralized system works as intended.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

XS Matrix Security Solutions

XS Matrix Security Solutions

XS Matrix provide solutions to detect, measure and take effective actions against unnecessary or conflicting access rights.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

FraudLabs Pro

FraudLabs Pro

FraudLabs Pro detects fraud and helps merchants to reduce e-commerce chargebacks by identifying high risk transactions.

Industrial Defender

Industrial Defender

Committed to ICS Cybersecurity. Industrial Defender provides a fully automated solution to discover, track and report on assets across your ICS footprint.