The latest report issued by the Cybereason Intelligence Group (CIG), Owning the Battlefield, examines the increase in the quantity and specificity of destructive cyber attacks, especially those associated with nation-state actors.
Owning the Battlefield also looks at how this trend has been accompanied by a low degree of sophistication, in the aggregate, of the attack tools. Considering the extent of the damage caused, you'd expect that these attacks were carried out with very sophisticated toolsets. But, aside from Stuxnet and Crash Override/Industroyer, most of the malware used in destructive attacks over the last 35 years consisted of basic techniques such as boot record wipers.
Additionally, the report discusses the government’s policy paralysis and why a substantial policy shift is unlikely. With no ability to dissuade nation-states from carrying out destructive attacks, the private sector will ultimately pay the price.
Key Takeaways
- The general trend, especially since 2010, has been that relatively simple but very capable malware is behind destructive cyber attacks. Even the most recent example, NotPetya, was a relatively simple destructive module that was paired with a fairly sophisticated and hard-to-detect backdoor. Cheap, dirty, but effective is all any actor needs to play in this arena.
- To date, many cyber incidents are still motivated by espionage or criminal activity and don't rise to the level of destructive attacks. However, the increased use of these tools, especially by nation-state actors, is an alarming trend that is unlikely to abate any time soon.
- There is no incentive for nations to stop this behavior. They can use these attacks to signal displeasure, retaliate for another’s actions, or conduct disruptive, covert operations with impunity. The ability to strike internationally with relative ease combined with a comparative lack of retribution has created an environment where nations will continue to experiment and grow increasingly bold in their attacks.
- The private sector is most often the victim of these attacks because it is less secure than government networks and has largely been deemed a “safe” target from a retaliation standpoint.