- Published: 15 Mar 2021
When most of us think of cybercrime, we’re thinking about a lone hacker in a dimly lit room—or, at most, a few hackers hunched over their computers in a dimly lit room. However, to remain restricted to this impression would be inaccurate—particularly when you consider the very real threat that state-sponsored cyberattacks can just as easily pose.
Let’s take a few moments to consider how large this threat truly is, starting with a recent example: the attack against the U.S.-based cybersecurity firm FireEye.
FireEye’s Hacked Tools
Back in December of 2020, FireEye was struck by an attack wherein their own hacking toolkits—which are commonly used to simulate cyberattacks on organizations to gauge their defenses—were stolen, potentially giving hackers a set of pre-made attacks to use. By making use of never-before-seen techniques, these attackers were able to bypass the security company’s protections with relative ease… suggesting that the tailored attack was perpetrated by a professionally equipped and funded team with the support of some government agencies.
What’s more, this attack was incredibly sophisticated, with thousands of unique and new IP addresses created (many in the US) to hide the true location of those responsible.
However, it is now believed that Russia’s intelligence agencies are responsible for this theft, taking advantage of the increased focus on election security that occupied the cybersecurity community at large at the time of the attack. While the Federal Bureau of Investigation has confirmed that a nation-state indeed carried out this attack, there has been no official confirmation of whether it was indeed Russia that was behind it.
The hypothesis that Russia could be responsible is also based on significant precedent, as the nation’s agencies were also involved in breaches that occurred during the 2016 election, among others.
This is Not a New Pattern
It isn’t surprising that a cybercriminal outfit—particularly one sponsored by a governing body—would be interested in stealing such security tools to carry out their ongoing attacks. After all, using such tools helps a nation conduct such an incursion without showing their hand, so to speak, as they would not have to reveal their own proprietary tools.
Just consider the fact that, when a Chinese state-sponsored group discovered tools developed by the NSA on their systems, these same tools were then used by that group in their further attacks.
Not only that, but larger providers like FireEye serve a huge number of clients. This means that gaining access to the tools used to protect these clients also grants the attacker the means to get into these clients’ systems more easily.
Businesses Clearly Aren’t Immune to These Attacks
State-sponsored hacking often targets private businesses like FireEye, a trend that has only increased since the pandemic first reared its head last year. In fact, nearly 80 percent of survey respondents claim that the likelihood of such an attack has risen because of the pandemic, and that we are only halfway through a decade-long rise in the frequency of these attacks.
Furthermore, many executives may feel that their organizations are sufficiently equipped to deal with cybercriminal efforts—forgetting that direct attacks are only a part of the problem. An attack against an organization that a business works with can (and should) be included in any risk assessments or cybersecurity preparations that the business undergoes as well.
Hopefully, attacks like this one will help to reinforce that message, as the nation-state hacking problem is only anticipated to grow.
We’re Here to Keep Your Business as Protected as It Can Be
Preparing for cybersecurity issues both big and small is no longer optional for a business of any size. Fortunately, Compudata is here to offer our assistance. By installing the protections that your infrastructure needs and monitoring it for threats and other problems, we can help better ensure that your operations can continue securely.
To talk to us about what we have to offer, give us a call at 1-855-405-8889.