Nation State Hacking Is On Trend In 2018

Last year was a banner year for cybercrime; more data was stolen in the first six months of 2017 than in the entirety of 2016. Gemalto’s Breach Level Index found that over 900 data breaches occurred during the first half of 2017, compromising 1.9 billion records. 

According to Jing Xie, senior threat intelligence analyst for Venafi, this explosive development in data exfiltration will continue in 2018.

In an even more ominous trend, the number of sophisticated state sponsored cyber attacks increased significantly last year. 

“In 2017, attackers working for nation-states focused on efficiency and return on investment, and they were very successful,” said Xie. 

“As a result, we should expect to see escalations and variations of similar attacks this year.”

Xie examined the condition of nation-state sponsored cyber warfare and offered these predictions and insights for 2018:

The ongoing wrestling match between super powers will move from clandestine programs that are largely carried out behind the scenes to more public attacks aimed at critical infrastructure and services, according to Venafi. Because vital security assets control encrypted communication between machines, many cyber attacks will leverage compromised or rogue keys and certificates. 

A nation-state with this power can bombard critical infrastructure through increasingly sophisticated variations of attacks, sabotaging core services using attacks derived from Stuxnet and Duqu. Venafi says cyber criminals sponsored by nation-states may find ways to exploit the trust models used to control communication between machines. 

The easiest way to accomplish this would be to attack or manipulate Certificate Authorities and the keys and certificates they issue. If successful, this exploit vector would allow cyber criminals to eavesdrop on a wide range of confidential communications, intercept and redirect encrypted traffic, and target government watchdogs and human rights activists.
We saw numerous state-sponsored social media campaigns that concentrated on fostering public doubt, and fear, during the 2016 US presidential elections. 

Venafi says that, due to the success of these campaigns, we should expect additional attacks against local and national elections. Some attacks may even utilise fraudulent identities of both humans and machines to steal and leak sensitive nation-state data. Distressingly, these attacks are occurring in elections around the globe.

“With every major nation-state expanding both offensive and defensive cyber war spending, public and private critical infrastructure and communication providers should expect to be caught in the crosshairs of cyber warfare. 

“As a result of the cumulative impact of powerful spending and attack trends, we should expect to see at least one act of nation-state sponsored cyber warfare that directly impacts citizens this year,” added Xie.

MacTech

You Might Also Read: 

Offensive Security, Cyber Insurance & Cryptocurrencies: 2018 Predictions:

Eight Ways Cyber Threats & Business Security Will Change in 2018:

 

« What Does Brexit Mean For Britain's Spies?
How GDPR Affects Your Marketing Strategy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Trend Micro

Trend Micro

Trend Micro is a leader in hybrid cloud, endpoint, and network security solutions.

Plixer

Plixer

Plixer delivers a network traffic analytics system used for monitoring, visualization, and reporting of network and security incidents.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

Swiss CyberSecurity

Swiss CyberSecurity

Swiss CyberSecurity is a non-profit group based in Geneva, set up to provide information and as a forum for discussion of topics related to CyberSecurity.

Cyxtera Technologies

Cyxtera Technologies

Cyxtera offers powerful, secure IT infrastructure capabilities paired with agile, dynamic software-defined security.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

QSecure

QSecure

QSecure specializes in the provision of information security and risk management services.

Cycuity

Cycuity

Cycuity (formerly Tortuga Logic) is a cybersecurity company that is transforming the way we secure silicon with comprehensive hardware security assurance.

Data Security Inc

Data Security Inc

Data Security, Inc. is the leading American manufacturer and supplier of hard drive degaussers, magnetic tape degaussers as well as hard drive and solid state destruction devices.

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

UST

UST

UST is a global provider of digital technology and transformation, IT services and solutions including managed security services.

CyberCatch

CyberCatch

CyberCatch provides an innovative cybersecurity Software-as-a-Service (SaaS) platform designed for SMBs.

RMC

RMC

RMC was purpose-built for Mission Assurance and ICS/OT cybersecurity, dedicated to strengthening and protecting government and commercial assets.

Autobahn Security

Autobahn Security

Autobahn Security is a growing team of 80+ experts from 25+ nationalities, established in 5 countries. We’re working hard to make Autobahn Security the No. 1 solution for improved hacking-resilience.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.