State‑sponsored or financially motivated: Is there any difference anymore?

What does the increasingly fuzzy line between traditional cybercrime and attacks attributed to state-backed groups mean for the future of the threat landscape?



Governments have always conducted offensive cyber-operations. But over the past few years, campaigns have seemed to grow in audacity and volume. The headlines scream about “state-sponsored” or “nation state” raids targeting everything from critical infrastructure to complex supply chains. But peer closer and the lines between these and traditional cybercrime are increasingly blurred.


What does this mean for the future of the threat landscape and the growing impact of cybercrime on global organizations? Without some kind of geopolitical consensus, it’s going to get a lot tougher to stop those criminal groups effectively being sheltered by nation states.


The traditional lines


When I started out writing about cybersecurity over 16 years back, the discovery of nation state attacks was a rarity. That’s what made Stuxnet such a huge event when it broke. Often, similar attacks were described as “state-sponsored,” which adds a little more ambiguity to attribution. It’s a sense that we know a government most likely gave the order for a campaign – because the target and type of attack did not align with purely financially driven motives – but may not have pulled the trigger itself.


The two terms have probably quite often been used incorrectly over the years. But that’s just the way governments like it – anonymizing techniques make 100% attribution difficult. It’s all about plausible deniability.

Whether nation state or state-sponsored, attack campaigns used to feature several key elements:


Home grown or bespoke malware and tooling, potentially the result of time-consuming research to find and exploit zero-day vulnerabili ..
