June 21, 2019 (updated 18 Jul 2019 8:20am)

Battling state-sponsored cyber warfare with modern cybersecurity methods

By Dr Darren Williams

We’re living in a time of technology sanctions, escalating tensions between states and allegations of political party interference. Against this backdrop we must consider the growing issue of state-sponsored cyber warfare.

You don’t have to look far to find a growing archive of state-sponsored attacks or a list of voices concerned about Huawei participating in the UK’s 5G network following a US ban on the Chinese telecommunications company.

We’re facing a very different future of warfare, with British Foreign Secretary, Jeremy Hunt, telling a recent conference that Russia’s intelligence services are targeting the critical national infrastructure of many countries.

It’s not just government bodies in the sights of state-sponsored cybercriminals. These hackers are targeting everything from major financial institutions to small businesses. Essentially, any organisation that houses sensitive citizen data or intellectual property is ripe for a state-sponsored attack. Recent research from BlackFog illustrates this trend, revealing that 20% of all data flowing from enterprise devices is being sent to Russia and China on a daily basis without knowledge or consent.

Moves like the European Union’s new cyberattack sanctions regime brought in just days before the European Parliament election are setting a new standard to deter state-sponsored attacks. These sanctions, which will punish future hackers through asset freezes and travel bans, are a great foundation to show that any such attacks will have serious consequences.

But how do we stop state-sponsored hackers in their tracks before it gets to the stage of issuing penalties?

Know what your enemy looks like

State-sponsored cybercriminals, whether targeting a state institution or a business’s database, are using increasingly sophisticated and complex techniques to access foreign systems. These attacks centre around the exploitation of credentials to gain access to a network and infect it with malicious software.

Widely believed to be the work of North Korea, the 2017 WannaCry malware attack is one of the most noteworthy cases of a state-sponsored attack. More than 200,000 attacks occurred across 150 countries, using leaked NSA techniques to lock Windows computers and demand that users pay $300 in Bitcoin to restore their data.

It was a sophisticated and coordinated hack that had damaging consequences for governments, major institutions, and individuals alike. Britain’s National Health Service (NHS) was among the hardest hit, with the attack severely disrupting patient care and costing it £92m.

The WannaCry attack – and others that quickly followed – changed the game and signalled a move towards state-sponsored hackers using military-grade cyber weapons. The first step to not becoming the victim of a state-sponsored attack is knowing where threats come from and what they look like, from support emails to targeted spear phishing campaigns.

State-sponsored cyber warfare: Prepare your defence

As the techniques used by state-sponsored hackers evolve, we need to reframe our thinking around our approach to cybersecurity. Most of the discourse and solutions today focus on trying to stop an attacker getting in or cleaning up the mess after the damage is done.

It’s critical we stop them getting into networks, particularly where they can disrupt operations or affect service, but the focus of mitigating cyber warfare doesn’t stop here.

The reality is that, in many cases, hackers will find a way in. Across governments, major institutions, and businesses, we need to focus on preventing them from then getting out with valuable data – state secrets, intellectual property and personal information.

This means monitoring data flow, being able to identify in real time when a hacker is trying to remove unauthorised data from the network, and stopping them in their tracks before they get the data out.
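A minimal sketch of the real-time egress check described above, added here as an illustration and not taken from the article or any product: it keeps a sliding-window byte count per internal host and destination, and cuts the pair off once the count passes a budget. The approved ranges, window, budget and sample flow records are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network
# Assumed policy for this example: approved egress ranges, window, byte budget.
APPROVED = [ip_network("10.0.0.0/8"), ip_network("198.51.100.0/24")]
WINDOW_S, BUDGET_BYTES = 60, 5_000_000  # seconds; bytes per (host, dest) per window

def is_approved(dst):
    return any(ip_address(dst) in net for net in APPROVED)

class EgressMonitor:
    def __init__(self):
        self.recent = defaultdict(deque)  # (src, dst) -> deque of (ts, bytes)
        self.blocked = set()              # (src, dst) pairs already cut off

    def observe(self, ts, src, dst, nbytes):
        """Return 'allow' or 'block' for one outbound flow record, in arrival order."""
        if is_approved(dst):
            return "allow"
        key = (src, dst)
        if key in self.blocked:
            return "block"
        q = self.recent[key]
        q.append((ts, nbytes))
        while q and q[0][0] <= ts - WINDOW_S:  # expire records outside the window
            q.popleft()
        if sum(b for _, b in q) > BUDGET_BYTES:
            self.blocked.add(key)
            return "block"
        return "allow"

def replay(records):
    """Run records through a fresh monitor; return (decisions, bytes let out per pair)."""
    mon, decisions, leaked = EgressMonitor(), [], defaultdict(int)
    for ts, src, dst, nbytes in records:
        verdict = mon.observe(ts, src, dst, nbytes)
        decisions.append(verdict)
        if verdict == "allow" and not is_approved(dst):
            leaked[(src, dst)] += nbytes
    return decisions, dict(leaked)

# Constructed sample flow records: (unix_ts, internal host, destination, bytes out).
SAMPLE = [
    (0,  "10.1.1.5", "198.51.100.20", 9_000_000),  # approved backup target
    (5,  "10.1.1.7", "203.0.113.9",   2_000_000),
    (20, "10.1.1.7", "203.0.113.9",   2_000_000),
    (40, "10.1.1.7", "203.0.113.9",   2_000_000),  # crosses the budget: blocked
    (45, "10.1.1.7", "203.0.113.9",   2_000_000),  # pair stays blocked
    (50, "10.1.1.8", "203.0.113.50",  300_000),    # small transfer, under budget
]
```

The 4 MB that leaves before the cut-off is the cost of the chosen budget: a lower budget lets less data out but blocks more legitimate traffic.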

Insider threats

Governments and businesses must not only ensure they have the sophisticated technology to prevent attacks, but also devote resources to defending their network from vulnerabilities caused by insiders.

An institution may have all the best measures in place, but many threats come from individuals within the organisation or third parties it works with. The key to mitigating these risks is being on the same page as stakeholders. This means educating employees on actions that increase risk, particularly around Bring Your Own Device (BYOD), and conducting due diligence on the cybersecurity protocols potential suppliers have in place prior to entering a business relationship.

There are undoubtedly a large number of cybersecurity concerns for today’s governments, institutions, and businesses. But attacks from state-sponsored actors in particular are becoming more frequent, more pervasive, and more dangerous. The risks of these attacks range from threatening free and fair elections to cutting off national services and stealing intellectual property.

When any of these types of attacks are successful, they quickly spawn copycats using variants of the same techniques. We have a collective responsibility to stop cyber warfare in its tracks. The best defence is a good offence, which all starts with knowing what threats look like, having sophisticated protection in place, and ensuring all stakeholders are on board.
