Agio CEO Bart McDonough: What you don't know about your cyber attacker (but should)

Bart McDonough

Who is the adversary, our cybersecurity “enemy”? Your mind might flash to the visual of a hooded figure with a mask, hacking away on a computer in the shadows of a darkly-lit basement.

Sounds pretty scary—if it were only true. Today’s cyber attackers are more sophisticated and corporate in their conduct than ever before. The reality is, the adversary targeting your money and resources can be anyone or any organization.


To protect ourselves against evolving cyberattacks, let’s review the different types of cybercriminal out there, their preferred targets, the types of ‘loot’ they seek, and their favorite offensive strategies.

Nation-state attackers, contrary to professional criminal organizations I recently wrote about for FoxBusiness.com, tend to focus on targets of national interest, or individuals and companies with access to highly-sensitive information that can be used for economic benefit. They hack public-sector databases, influence political elections, and leak information taken from high-profile government agencies.

Typically, these attackers are more nuanced, targeting parts of the national defense complex and its extended network of contractors.

The threats that national cyber warfare programs apply range from propaganda dissemination campaigns and defacement of popular web pages, through to espionage for technology development, with a view to creating extensive disruption across critical U.S. infrastructure.

While the threats are serious, most “normal” people are not in the direct line of fire. Nation-state hacking groups, such as Chinese group APT 1 and Russia-based Fancy Bear, are more interested in political disruption and technological advancement through the theft of intellectual property, such as military fighter jet blueprints, than turning a profit. The IP Commission estimates that theft of American IP from China alone costs the U.S. economy up to $600 billion per year.


Fancy Bear is the group most notably connected with Russian efforts to attack the Democratic National Committee and influence the 2016 U.S. presidential election.

Special Counsel Robert Mueller’s federal indictment revealed how Russian agents used social engineering attacks such as spear phishing to con Democratic Party workers into sharing their login credentials.

The attackers used authentic-looking email addresses to collect sensitive information, which allowed them to access the Party’s private computer networks.

Once inside, they installed malware and stole sensitive political documents—later altering and releasing them to the public with the intention of spreading misinformation and a lack of trust in domestic government, forcing the DNC to decommission more than 140 servers.

Election offices nationwide are now beginning to roll out two-factor authentication for their employee accounts, in addition to mandatory cybersecurity training.

Nation-state attackers may also exploit a victim’s technical resources to mine for cryptocurrency, a secure and anonymous form of digital money requiring computing power to create and authenticate transactions.

This process is known as "cryptojacking." Unlike traditional viruses, cryptojacking malware doesn’t download any files to your system, which is why antivirus programs struggle to detect it. Instead, the malware uses legitimate Windows programs to run persistent background processes on a victim’s PC.


An example of this is Smominru, a piece of mining malware that has infected more than 526,000 Windows computers since 2017, exploiting their collective computing power to mine up to $3.6 million of Monero cryptocurrency.

A recent report issued by South Korean intelligence officials also claimed that state-sponsored North Koreans are hacking South Korean computers, to mine for Monero that can finance their operations and even sidestep economic sanctions. Cybersecurity firm AlienVault has validated these claims.

By securing digital devices, questioning the legitimacy of inbound communications, and monitoring computers’ central processing units for suspicious activity, we can review and improve our ‘cyber hygiene’ as individuals, as a society, and as a collective economy.
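The cryptojacking behaviour described above (no dropped file, just a legitimate Windows program kept busy in the background) is exactly what CPU monitoring catches. The following is an added example, not from the article or from Agio: it flags processes whose CPU use stays high across consecutive samples rather than trusting the process name, using constructed sample data.

```python
"""Flag processes whose CPU use stays high across consecutive samples.

Added illustration (not from the article): fileless cryptojacking leaves no
file to scan, but it does leave a long-running, CPU-hungry process, so we
look for sustained CPU behaviour instead of a malicious binary.
"""
from collections import defaultdict

# Constructed samples: (timestamp_seconds, process_name, pid, cpu_percent).
# Names and values are made up; powershell.exe is a legitimate Windows
# program, which is the point: its name alone must not suppress the alert.
SAMPLES = [
    (0,   "powershell.exe", 4120, 92.0),
    (0,   "chrome.exe",     2210, 15.0),
    (0,   "explorer.exe",   1100, 2.0),
    (60,  "powershell.exe", 4120, 95.0),
    (60,  "chrome.exe",     2210, 85.0),   # one brief spike, not sustained
    (60,  "explorer.exe",   1100, 1.0),
    (120, "powershell.exe", 4120, 90.0),
    (120, "chrome.exe",     2210, 12.0),
    (120, "explorer.exe",   1100, 3.0),
    (180, "powershell.exe", 4120, 97.0),
    (180, "chrome.exe",     2210, 10.0),
]


def sustained_cpu_hogs(samples, threshold=80.0, min_consecutive=3):
    """Return {(name, pid): {"consecutive": n, "mean_cpu": m}} for every
    process that stayed at or above `threshold` percent CPU for at least
    `min_consecutive` consecutive samples (ordered by timestamp)."""
    by_proc = defaultdict(list)
    for _ts, name, pid, cpu in sorted(samples):
        by_proc[(name, pid)].append(cpu)

    flagged = {}
    for key, series in by_proc.items():
        run = best = 0
        for cpu in series:
            run = run + 1 if cpu >= threshold else 0   # reset on any dip
            best = max(best, run)
        if best >= min_consecutive:
            flagged[key] = {
                "consecutive": best,
                "mean_cpu": round(sum(series) / len(series), 1),
            }
    return flagged


if __name__ == "__main__":
    for (name, pid), info in sustained_cpu_hogs(SAMPLES).items():
        print(f"ALERT {name} pid={pid}: {info['consecutive']} consecutive "
              f"samples above threshold, mean {info['mean_cpu']}% CPU")
```

Requiring several consecutive high samples keeps a legitimate burst (the single chrome.exe spike) from alerting, while the persistent miner-like process is flagged regardless of its trusted-looking name.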

Bart McDonough is CEO and Founder of Agio, a hybrid managed IT and cybersecurity services provider servicing the financial services, health care and payment industries.
