Nation State Hacking Is On Trend In 2018

Last year was a banner year for cybercrime; more data was stolen in the first six months of 2017 than in the entirety of 2016. Gemalto’s Breach Level Index found that over 900 data breaches occurred during the first half of 2017, compromising 1.9 billion records. 

According to Jing Xie, senior threat intelligence analyst for Venafi, this explosive development in data exfiltration will continue in 2018.

In an even more ominous trend, the number of sophisticated state sponsored cyber attacks increased significantly last year. 

“In 2017, attackers working for nation-states focused on efficiency and return on investment, and they were very successful,” said Xie. 

“As a result, we should expect to see escalations and variations of similar attacks this year.”

Xie examined the condition of nation-state sponsored cyber warfare and offered these predictions and insights for 2018:

The ongoing wrestling match between super powers will move from clandestine programs that are largely carried out behind the scenes to more public attacks aimed at critical infrastructure and services, according to Venafi. Because vital security assets control encrypted communication between machines, many cyber attacks will leverage compromised or rogue keys and certificates. 

A nation-state with this power can bombard critical infrastructure through increasingly sophisticated variations of attacks, sabotaging core services using attacks derived from Stuxnet and Duqu. Venafi says cyber criminals sponsored by nation-states may find ways to exploit the trust models used to control communication between machines. 

The easiest way to accomplish this would be to attack or manipulate Certificate Authorities and the keys and certificates they issue. If successful, this exploit vector would allow cyber criminals to eavesdrop on a wide range of confidential communications, intercept and redirect encrypted traffic, and target government watchdogs and human rights activists.
We saw numerous state-sponsored social media campaigns that concentrated on fostering public doubt, and fear, during the 2016 US presidential elections. 

Venafi says that, due to the success of these campaigns, we should expect additional attacks against local and national elections. Some attacks may even utilise fraudulent identities of both humans and machines to steal and leak sensitive nation-state data. Distressingly, these attacks are occurring in elections around the globe.

“With every major nation-state expanding both offensive and defensive cyber war spending, public and private critical infrastructure and communication providers should expect to be caught in the crosshairs of cyber warfare. 

“As a result of the cumulative impact of powerful spending and attack trends, we should expect to see at least one act of nation-state sponsored cyber warfare that directly impacts citizens this year,” added Xie.

MacTech

You Might Also Read: 

Offensive Security, Cyber Insurance & Cryptocurrencies: 2018 Predictions:

Eight Ways Cyber Threats & Business Security Will Change in 2018:

 

« What Does Brexit Mean For Britain's Spies?
How GDPR Affects Your Marketing Strategy »

Directory of Suppliers

Darktrace

Darktrace

Darktrace’s Enterprise Immune System is capable of detecting and responding to emerging cyber-threats, from within the network.

Pondurance

Pondurance

Pondurance is an IT Security and Compliance company providing services in Cyber Security, Continuity, Compliance and Threat Management.

RandomStorm Ltd

RandomStorm Ltd

RandomStorm provides network vulnerability management solutions and services for enterprises, public sector organisations and SMEs.

NetApp

NetApp

NetApp is pioneering a Data Fabric approach that allows you to easily and securely unite and manage data across the widest variety of environments.

Appthority

Appthority

Appthority is a leader in enterprise mobile threat protection, delivering visibility into mobile risk for executive, security and mobility teams.

KnowBe4

KnowBe4

KnowBe4 is an integrated platform for security awareness training combined with simulated phishing attacks.

Egerie Software

Egerie Software

Egerie Software's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

KZ-CERT

KZ-CERT

KZ-CERT is the national Computer Emergency Response Team for Kazakhstan.

CeBIT

CeBIT

CeBIT is the largest and most internationally represented computer expo and trade fair, held each year in Hanover, Germany.

ePayments

ePayments

ePayments.com is a secure electronic payment system for businesses and individuals.

AET Europe

AET Europe

AET Europe is specialised in creating technological solutions for user identification and authentication.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

Dispersive Technologies

Dispersive Technologies

Dispersive Critical Infrastructure Software-Defined Network delivers security, reliability and resiliency for critical infrastructure data communications over the Internet.

Threat X

Threat X

Threat X Intelligent Web Application Firewall (iWAF) utilizes a combination of application profiling and multiple sensor inputs to distinguish malicious attacks from legitimate user behavior.

Blockchain Slovakia

Blockchain Slovakia

Blockchain Slovakia is a non-profit organization that brings together researchers, developers, entrepreneurs, regulators, investors and the public to support blockchain technology in Slovakia.