Nation State Hacking Is On Trend In 2018

Last year was a banner year for cybercrime; more data was stolen in the first six months of 2017 than in the entirety of 2016. Gemalto’s Breach Level Index found that over 900 data breaches occurred during the first half of 2017, compromising 1.9 billion records. 

According to Jing Xie, senior threat intelligence analyst for Venafi, this explosive development in data exfiltration will continue in 2018.

In an even more ominous trend, the number of sophisticated state sponsored cyber attacks increased significantly last year. 

“In 2017, attackers working for nation-states focused on efficiency and return on investment, and they were very successful,” said Xie. 

“As a result, we should expect to see escalations and variations of similar attacks this year.”

Xie examined the condition of nation-state sponsored cyber warfare and offered these predictions and insights for 2018:

The ongoing wrestling match between super powers will move from clandestine programs that are largely carried out behind the scenes to more public attacks aimed at critical infrastructure and services, according to Venafi. Because vital security assets control encrypted communication between machines, many cyber attacks will leverage compromised or rogue keys and certificates. 

A nation-state with this power can bombard critical infrastructure through increasingly sophisticated variations of attacks, sabotaging core services using attacks derived from Stuxnet and Duqu. Venafi says cyber criminals sponsored by nation-states may find ways to exploit the trust models used to control communication between machines. 

The easiest way to accomplish this would be to attack or manipulate Certificate Authorities and the keys and certificates they issue. If successful, this exploit vector would allow cyber criminals to eavesdrop on a wide range of confidential communications, intercept and redirect encrypted traffic, and target government watchdogs and human rights activists.
We saw numerous state-sponsored social media campaigns that concentrated on fostering public doubt, and fear, during the 2016 US presidential elections. 

Venafi says that, due to the success of these campaigns, we should expect additional attacks against local and national elections. Some attacks may even utilise fraudulent identities of both humans and machines to steal and leak sensitive nation-state data. Distressingly, these attacks are occurring in elections around the globe.

“With every major nation-state expanding both offensive and defensive cyber war spending, public and private critical infrastructure and communication providers should expect to be caught in the crosshairs of cyber warfare. 

“As a result of the cumulative impact of powerful spending and attack trends, we should expect to see at least one act of nation-state sponsored cyber warfare that directly impacts citizens this year,” added Xie.

MacTech

You Might Also Read: 

Offensive Security, Cyber Insurance & Cryptocurrencies: 2018 Predictions:

Eight Ways Cyber Threats & Business Security Will Change in 2018:

 

« What Does Brexit Mean For Britain's Spies?
How GDPR Affects Your Marketing Strategy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Centrify

Centrify

Centrify’s Next-Gen Access is an identity & access management solution that uniquely converges Identity-as-a-Service, enterprise mobility management and privileged access management.

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

CloudLayar

CloudLayar

CloudLayar is a cloud-based website firewall for protecting your website against online threats.

Digitronic Computersysteme

Digitronic Computersysteme

Digitronic focus on innovative software to protect your personal and sensitive corporate data.

Massive Alliance

Massive Alliance

Massive is a global service agency providing internet monitoring, data & security threat surveillance and reputation management.

CyberGuarded

CyberGuarded

CyberGuarded are an accredited vendor independent information security testing and auditing company.

Spire Solutions

Spire Solutions

Spire Solutions is the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Zerodium

Zerodium

Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research.

CoverWallet

CoverWallet

CoverWallet combines deep analytics, thoughtful design and state of the art technology to help small businesses with all their insurance needs including Cyber Liability.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

du

du

du is a telecommunications service provider providing UAE businesses with a vast range of ICT and managed services.

EPAM Systems

EPAM Systems

Since 1993, EPAM Systems has leveraged its advanced software engineering heritage to become a leading global digital transformation services provider.

Tamnoon

Tamnoon

Tamnoon is the Managed Cloud Detection and Response platform that helps you turn CNAPP and CSPM alerts into action and fortify your cloud security posture.