State-backed hacking is on the rise. Both political campaign teams in the United States have recently been targeted with phishing attacks from hackers linked to China and Iran. The prime minister of Australia announced in June that the country is grappling with attacks against a range of government agencies and businesses from “a state-based actor with very, very significant capabilities.” Iran and Israel were recently caught up in an escalating back and forth of cyberattacks targeting government websites, water supply systems, and even shipping ports.
A decade ago, the most advanced attacks were launched by states against states; outside of certain key sectors, most businesses were unaffected. Today, the stakes are higher not only for governments and providers of critical national infrastructure targeted by sophisticated state tools, but for private businesses that are increasingly caught up in the crossfire. The famous NotPetya attack, developed by a nation-state and launched against a nation-state, inadvertently affected 300 businesses and cost approximately $10 billion in damages. Businesses may find themselves collateral damage in this new era of digital warfare if they don’t have the right defensive strategy in place or aren’t armed with the right tools.
Waging war a different way
Cyber warfare is the use of technology by nation-state groups to attack another country or state. While physical and cyber warfare are waged on completely different fronts with completely different tools, cyber warfare can have an impact on the physical world, causing real damage to ports, power grids, and nuclear centrifuges. While some academics debate where cyber falls among a nation’s levers of power, cyberattacks can be seen as an extension of a country’s military power given the scope of their physical impacts.
The difficulty of attribution, or the ability to tell who launched an attack, is part of what makes cyberattacks a compelling–and successful–tactic. Attacks might rely on third-party sites, copy the style of other nation-states, maneuver through many different vectors, and use so many complicated lines of code that it becomes hard to distinguish the original source. With attacked nations unsure of who to blame, retaliation becomes a dangerous game where friends as well as foes can be caught up in misplaced retribution. This also further complicates existing geopolitical tensions. A third party could conduct a false-flag attack to increase tensions between adversaries, or even seek to provoke an escalation of conflict.
With cyber warfare, nations that weren’t traditional military powers are now able to have an impact on the global stage. Computers, hackers, creativity, and time are the main resources needed to develop a successful cyber program. It’s far easier–and less conspicuous–to develop a new cyber weapon than a nuclear arms program. While global superpowers still possess the upper hand–with more resources, more developed technology sectors, and countless other advantages–countries like Iran and North Korea are able to launch cyberattacks against more powerful nations like the United States.
The internationally understood laws of war lay out appropriate targets for conflict, ensuring, for example, that civilians and hospitals aren’t targeted. In cyberspace, no comparable laws exist. If anything, the lines between private and public targets are blurring, with private companies becoming the stated targets of many nation-state attacks.
Take advanced espionage, a frequent goal of nation-state attacks. Cybercriminals and the malware they deploy can lie dormant inside organizations’ networks for years, gathering intelligence to give them strategic advantages. In recent years, the private sector has found itself the continued target of cyber-enabled espionage efforts. In August 2019, Chinese nation-state actors were found to have been gathering data from foreign firms in the telecommunications, healthcare, semiconductor, and manufacturing sectors. Rather than halting attacks as the COVID-19 pandemic peaked, nation-state-backed cybercriminals increased their activity–with Russian, Chinese, and Vietnamese actors targeting U.S. healthcare organizations in search of information on the virus or vaccines.
At the same time that the private sector is being targeted by state actors more frequently, the tactics of nation-state attackers and cybercriminals have become increasingly similar. Cybercriminals are copying state-sponsored customized zero-day attacks and sophisticated spear-phishing tactics. When software developers publicly release a patch after a nation-state actor has exploited a vulnerability, opportunistic cybercriminals race to attack organizations before they update their systems, taking advantage of the revealed weakness. Some nation-state-developed cyber weapons also find their way to the dark web, like the infamous EternalBlue offensive toolkit, which cybercriminals continued to find success with as late as last year.
Effects of a nation-state attack
Governments and businesses around the world need to prepare for cyberattacks to come as if they were preparing for a physical conflict–deploying algorithms instead of weapons systems, and advanced security tools rather than anti-missile technology.
Darktrace, an AI cybersecurity company whose founders include members of the UK’s GCHQ and MI5 along with former CIA and FBI operatives, has plenty of experience detecting nation-state attacks. In early March, its AI identified several highly targeted attacks, which were later attributed to the Chinese threat actor APT41. Exploiting the Zoho ManageEngine zero-day vulnerability CVE-2020-10189, the actors tried to gain entry to as many different companies and sectors as possible before the vulnerability was discovered. The attack was almost fully automated, attempting to initiate command and control techniques and execute two payloads. Darktrace’s AI identified these threats in their earliest stages, alerting the organizations and working with security teams to neutralize the attack.
Zero-day attacks are often first identified and launched by nation-state actors like APT41 because identifying a completely new vulnerability requires significant time and patience. They are also among the most difficult attacks to detect: there is no public threat intelligence about what the threat looks like, and no pre-programmed rules or signatures can detect it. A new approach is needed to detect these zero-days.
Darktrace’s approach, inspired by the human body’s own immune system, detects zero-days by learning a complete and contextual understanding of “normal” for a business with AI, understanding how each user and device normally behaves. Knowing “normal” enables the AI to detect even the most subtle signals of an emerging threat, as threat-actor activity registers as highly unusual compared to normal business operations. In the face of machine-speed attacks being launched by nation-state actors and cybercriminals, early detection alone isn’t enough. Autonomous response that can stop attacks seconds after they arise and give security teams the time they need to catch up is also necessary.
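The behavioural-baseline idea described above can be illustrated in a few dozen lines. The following is an added example written for this article; it is not Darktrace’s software and says nothing about how that product works internally. It learns, per device, which peers and ports are normally contacted, the hours the device is normally active, and the typical upload size, then scores a later window of connections against that baseline and only raises an alert when several indicators coincide. The record format, device names, hosts, and every log line are constructed for the example.

```python
"""Per-device behavioural baseline for flagging unusual network activity.

Added illustration (not Darktrace's code). Connection records use a
constructed format: "<seconds-since-midnight> <src> <dst> <port> <bytes_out>".
"""
import statistics
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Conn:
    ts: int          # seconds since midnight
    src: str         # internal device name
    dst: str         # destination host
    port: int
    bytes_out: int   # bytes uploaded by src in this connection


@dataclass
class DeviceBaseline:
    peers: set = field(default_factory=set)      # (dst, port) pairs seen
    hours: list = field(default_factory=list)    # hour-of-day of each record
    sizes: list = field(default_factory=list)    # bytes_out of each record


def parse_line(line: str) -> Conn:
    ts, src, dst, port, size = line.split()
    return Conn(int(ts), src, dst, int(port), int(size))


def learn(lines):
    """Build a baseline of 'normal' for every device seen in the training window."""
    baselines = defaultdict(DeviceBaseline)
    for line in lines:
        c = parse_line(line)
        b = baselines[c.src]
        b.peers.add((c.dst, c.port))
        b.hours.append(c.ts // 3600)
        b.sizes.append(c.bytes_out)
    return dict(baselines)


def score(conn: Conn, b: DeviceBaseline):
    """Return the list of ways this connection deviates from the device's baseline."""
    reasons = []
    if (conn.dst, conn.port) not in b.peers:
        reasons.append("new peer")
    hour = conn.ts // 3600
    if not (min(b.hours) <= hour <= max(b.hours)):
        reasons.append("off-hours")
    mean, sd = statistics.fmean(b.sizes), statistics.pstdev(b.sizes)
    # One-sided check: only unusually large uploads are interesting here.
    if sd > 0 and (conn.bytes_out - mean) / sd > 3:
        reasons.append("volume")
    return reasons


def detect(lines, baselines, min_indicators=2):
    """Alert on unknown devices, or on connections with several coinciding deviations.

    A single 'new peer' on its own is common and noisy, so it is not alerted alone.
    """
    alerts = []
    for line in lines:
        c = parse_line(line)
        b = baselines.get(c.src)
        if b is None:
            alerts.append((c, ["unknown device"]))
            continue
        reasons = score(c, b)
        if len(reasons) >= min_indicators:
            alerts.append((c, reasons))
    return alerts


def recommended_action(reasons):
    """Map an alert to a containment step a responder could automate (illustrative)."""
    if "unknown device" in reasons or len(reasons) >= 3:
        return "isolate device"
    return "block connection"


# Constructed training window: a workstation and a database server on a normal day.
BASELINE_LOG = """
30000 ws-7 mail.corp.local 993 3100
33000 ws-7 files.corp.local 445 5200
43200 ws-7 mail.corp.local 993 2800
50400 ws-7 files.corp.local 445 6100
61200 ws-7 mail.corp.local 993 3600
32400 db-2 app-1.corp.local 5432 120000
46800 db-2 app-1.corp.local 5432 98000
""".strip().splitlines()

# Constructed observation window: one normal day plus a 03:14 bulk upload to a new host.
OBSERVED_LOG = """
36000 ws-7 mail.corp.local 993 3300
11640 ws-7 198.51.100.23 443 48000000
46800 db-2 app-1.corp.local 5432 110000
50400 ws-7 198.51.100.23 443 900
3600 printer-9 198.51.100.23 443 500
""".strip().splitlines()


def run_demo():
    return detect(OBSERVED_LOG, learn(BASELINE_LOG))


if __name__ == "__main__":
    for conn, reasons in run_demo():
        print(f"{conn.src} -> {conn.dst}:{conn.port} {reasons} => {recommended_action(reasons)}")
```

Two of the five observed connections are alerted: the off-hours bulk upload from ws-7 to a never-seen host trips all three indicators, and the connection from a device with no baseline at all is reported as unknown. The 14:00 small connection from ws-7 to the same new host is a single indicator and stays below the threshold, which is the trade-off between sensitivity and alert fatigue that any baseline approach has to tune.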
As nation-state attacks ramp up in both frequency and severity, and more businesses find themselves in the firing line or caught up in the crossfire, these organizations need to urgently upgrade their cybersecurity to tackle all types of sophisticated threats–from customized spear-phishing campaigns to zero-day software exploits. AI can provide the holistic understanding needed to detect and respond to these uniquely developed attacks because it can dynamically adapt to the state actors’ evolving tricks and techniques–including attacks that are powered by AI itself. The new era of cyber warfare will see algorithms pitted against algorithms–it’s time for the defenders to tech up.