Nation State Hacking Is On Trend In 2018

Uploaded on 2018-02-12 in NEWS-Cybersecurity News, FREE TO VIEW

Last year was a banner year for cybercrime; more data was stolen in the first six months of 2017 than in the entirety of 2016. Gemalto’s Breach Level Index found that over 900 data breaches occurred during the first half of 2017, compromising 1.9 billion records. 

According to Jing Xie, senior threat intelligence analyst for Venafi, this explosive development in data exfiltration will continue in 2018.

In an even more ominous trend, the number of sophisticated state sponsored cyber attacks increased significantly last year. 

“In 2017, attackers working for nation-states focused on efficiency and return on investment, and they were very successful,” said Xie. 

“As a result, we should expect to see escalations and variations of similar attacks this year.”

Xie examined the condition of nation-state sponsored cyber warfare and offered these predictions and insights for 2018:

The ongoing wrestling match between super powers will move from clandestine programs that are largely carried out behind the scenes to more public attacks aimed at critical infrastructure and services, according to Venafi. Because vital security assets control encrypted communication between machines, many cyber attacks will leverage compromised or rogue keys and certificates. 

A nation-state with this power can bombard critical infrastructure through increasingly sophisticated variations of attacks, sabotaging core services using attacks derived from Stuxnet and Duqu. Venafi says cyber criminals sponsored by nation-states may find ways to exploit the trust models used to control communication between machines. 

The easiest way to accomplish this would be to attack or manipulate Certificate Authorities and the keys and certificates they issue. If successful, this exploit vector would allow cyber criminals to eavesdrop on a wide range of confidential communications, intercept and redirect encrypted traffic, and target government watchdogs and human rights activists.
We saw numerous state-sponsored social media campaigns that concentrated on fostering public doubt, and fear, during the 2016 US presidential elections. 

Venafi says that, due to the success of these campaigns, we should expect additional attacks against local and national elections. Some attacks may even utilise fraudulent identities of both humans and machines to steal and leak sensitive nation-state data. Distressingly, these attacks are occurring in elections around the globe.

“With every major nation-state expanding both offensive and defensive cyber war spending, public and private critical infrastructure and communication providers should expect to be caught in the crosshairs of cyber warfare. 

“As a result of the cumulative impact of powerful spending and attack trends, we should expect to see at least one act of nation-state sponsored cyber warfare that directly impacts citizens this year,” added Xie.

MacTech

You Might Also Read: 

Offensive Security, Cyber Insurance & Cryptocurrencies: 2018 Predictions:

Eight Ways Cyber Threats & Business Security Will Change in 2018:

 

« What Does Brexit Mean For Britain's Spies?
How GDPR Affects Your Marketing Strategy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

4ARMED

4ARMED

4ARMED services cover the end-to-end experience of securing modern software, from design and build through to deploy and test.

Rapid7

Rapid7

Rapid7 unites cloud risk management and threat detection to deliver results that secure your business and ensure you’re always ready for what comes next.

mmCERT

mmCERT

mmCERT is the national Computer Emergency Response Team for Myanmar.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

ioXt Alliance

ioXt Alliance

The ioXt Alliance is a group of manufacturers, industry alliances and government organizations dedicated to harmonizing best security practices in a highly connected world.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

spriteCloud

spriteCloud

spriteCloud is an independent software testing, test automation and cybersecurity services provider.

Saporo

Saporo

Saporo helps organizations increase their cyber-resistance. Continuously map your attack surface and get the recommendations you need to make your organization more resistant to attacks.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

Eunetic

Eunetic

Eunetic IT security solutions - we secure your websites, emails, domains and data.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

Canadian Cyber Threat Exchange (CCTX)

Canadian Cyber Threat Exchange (CCTX)

The CCTX is Canada’s not-for-profit, private-sector cyber threat sharing hub and collaboration centre.

AdviserCyber

AdviserCyber

AdviserCyber provide Cybersecurity and Compliance Solutions for Registered Investment Advisers.

NewsGuard Technologies

NewsGuard Technologies

NewsGuard provides transparent tools to counter misinformation for readers, brands, and democracies.