Cybercrime: Nation-states go prime time

Cybercriminals have become more sophisticated by employing methodologies that make them both tougher to detect and more capable of thwarting even tech-savvy targets. Hostile nation-states are using new attack methods that improve the odds of infiltrating and knocking off high-value targets. Increasingly, criminal groups are shifting their infrastructure to the cloud in order to hide among legitimate services, and bad actors have figured out novel ways to search the Internet for systems that are vulnerable to disruption.

According to the “Digital Defense Report” recently released by Microsoft, nation-state attacks have moved far beyond critical infrastructure, since the lion’s share — over 90% — of security alerts originated from outside of this sector. Within the critical infrastructure arena, 60% of nation-state activity zeroed in on IT organizations, followed by commercial facilities, critical manufacturing, financial services, and the defense industrial base.

Nation-state actors typically do their dirty work in service of broader strategic goals that they see as essential to the political, cultural, and economic health — and even the survival — of their country. That’s why the attackers are so determined and ready to put so much time and expense into disruptive cyber operations.

Their Goals: Espionage, Disruption, or Destruction
As noted in Microsoft’s report, over a dozen hostile states are launching cyberattacks to collect intelligence about what their targets are thinking and doing. They’re seeking official correspondence, proprietary corporate data, and personal information. They’ve also spearheaded operations designed to disrupt or destroy data and physical infrastructure at the organizations in their crosshairs.

Furthermore, nation-state actors have conducted intrusions intended to disrupt or destroy data or physical assets at targeted facilities or institutions. The US National Institute of Standards and Technology (NIST) defines a disruption as “an unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time.” A disruptive attack can cause minor or extended power outages or prolonged network downtime. Destructive attacks are associated with “overwriting, erasing, or physically destroying information,” equipment, or facilities.

To read the complete article, visit Dark Reading.