It used to be that data breaches were all about cyber-crooks hacking computer systems to steal personal information, followed by an affected company sending regretful notification letters offering a year or two of complimentary credit monitoring. Not anymore. Now, state-sponsored attacks threaten to wreak havoc on companies’ essential IT systems, Internet devices, software, and all manner of critical infrastructure in private sector hands. Just a few weeks ago, the Director of the Federal Bureau of Investigation (FBI) and the U.S. Attorney General described a recent takedown of a Russian government-sponsored botnet called Cyclops Blink before it was weaponized and caused damage. That case is one reflection of a wave of state-sponsored attacks that can transform routine “incident response” into more dramatic corporate cyber crises.
In this article, we detail a few observations about nation-state-sponsored attacks, including:
• State-sponsored attacks tend to be highly sophisticated—ranging from a sophisticated botnet used to launch DDoS attacks to supply chain compromises.
• Response to state-sponsored hacking routinely requires close coordination with multiple U.S. and foreign government agencies.
• State-sponsored threat actors often target companies that run outdated software that contains previously identified and publicized vulnerabilities.
• State-sponsored threat actors may be politically motivated and, as such, their goals for the attack are not always clear—and can change over time—unlike threat actors purely motivated by profit.
• While state-sponsored cyber-attacks pose exceptional risks, technical experts may recommend the same preventative measures to defend against a state-sponsored attack as any other type of cyber-attack.
