Feb 11 2022

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Category: Ransomware,SpywareDISC @ 9:56 am

I transcribed a recent interview, here some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoyā€

How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet?

In the last decade, we have observed a progressive weaponization of cyberspace. NATOĀ recognizedĀ cyberspace as a new domain of warfare. Cyberspace is the new battlefield for nation-state actors, the digital place where international crime rings operate threatening the pillars of our digital society.

Spyware are powerful weapons in the arsenal of governments and cybercrime gangs. These tools are even more sophisticated and are able to evade detection by using so-called zero-day exploits allowing attackers to bypass the defense of government organizations and businesses. Spyware allows attackers to steal sensitive info from the targets, and perform a broad range of malicious activities.

Is the Pegasus spyware as a game-changer?

PegasusĀ is probably the most popular surveillance software on the market, it has been developed by theĀ Israeli NSO Group. Anyway, it is not the only one. Many otherĀ surveillance firmsĀ develop spyware that are every day abused in dragnet surveillance and target journalists, dissidents, and opponents of totalitarian regimes. These software are developed for law enforcement and intelligence agencies, but they are often abused by many governments worldwide cyber espionage operations. TheĀ surveillance businessĀ is growing in the dark and is becoming very dangerous.

Which are devices of cyber warfare and cyber espionage?

Every technological device can be abused for cyber warfare and cyber espionage. Malware, spyware are the most common means but do not forget the power of social network platforms that can be used for surveillance andĀ misinformationĀ purposes.

Many governments have fallen victim to massive ransomware attacks from groups linked to organized crime, how bad can this new trend of hacking get?

Every day we read about major attacks targeting organizations worldwide with severe impact on their operations. The situation is going worse despite theĀ numerous operationsĀ of law enforcement on a global scale. The number ofĀ ransomware attacksĀ spiked in the last couple of years due to the implementation of theĀ Ransomware-as-a-ServiceĀ model, this means that tens of ransomware gangs have created a network of affiliates and provided them their malware. Almost any criminal group could become an affiliate, obtain ransomware from a gang, and spread it, this is amplifying the damages. Critical infrastructure are even more exposed to a new generation of threats that are more aggressive and sophisticated.

Reports are coming out linking North Korea to illegal online activities related to cryptocurrency. How are some governments using the Internet to threaten world peace in one way or another?

When dealing with nation-state actors you must consider the main motivation behind the attacks and distinguish the technique, tactics, and procedure adopted by the different state-sponsored groups.

For example,Ā China-linked nation-state actorsĀ are more focused on cyberespionage aimed at stealing intellectual property, while Russia-linked Advanced Persistent Threat groups often operate to destabilize the political contest of foreign states, carry out cyber espionage activities, and conductĀ disinformationĀ campaigns.Ā North Korea-linked threat actorsĀ carry out financially motivated attacks against banks and cryptocurrency firms worldwide to steal funds to re-invest in their military industry.

What about the resilience of countriesā€™ infrastructure to face such kind of war?

We needĀ norms of state behavior in the cyber spaceĀ and more information sharing on cyber threats. We need to share information about the attacks in an early stage, profiling the threat actors to mitigate and prevent their campaigns. It is essential to increase the level of security of critical infrastructure like power grids, power plants and hospitals. Critical infrastructure are the main targets of nation-state actors in a cyber warfare contest.

Is making the internet a safe place technically possible?

Let me use the title of a famous book, ā€œNo place to hideā€. I mean that both nation-state actors and cybercriminal organizations are spending a growing effort to increase their hacking capabilities and evasion techniques. Unfortunately, today most of the organizations still consider cybersecurity a cost to cut and this approach gives the attackers an immense advantage. We need a cultural change and we must consider that a security by design approach is the unique way to make the Internet a safe place. We also need globally recognized norms of responsible state behavior in cyberspace.

The Hacker and the State

The Cyberweapons Arms Race

Tags: Nation-state hacking, Ransomware Protection Playbook, Spyware, The Cyberweapons Arms Race, The Hacker and the State