FBI vs. REvil [ML BSide]
Nate Nelson speaks with Rich Murray, who leads the FBI’s North Texas Cyber unit, about how the Federal Bureau of Investigation dealt with another attack by REvil
Jordan Bowen
Nation-state attacks are growing in number as well as complexity, utilizing very sophisticated tools and techniques to make their mission more targeted and successful. Nation states also proactively research the latest defense capabilities implemented by businesses in order to get the upper hand.
A survey polling Black Hat 2015 attendees found that 64% of respondents believe their organization is a target for nation-state attacks.
Cybereason recently participated in a panel discussion at the Cyber Security Summit in Minneapolis that addressed nation-state attacks among other topics. Below are some highlights from the discussion.
When it comes to defending against nation-state attacks, companies are outnumbered by their adversaries.
A nation may deploy thousands of cyber soldiers to search for exploits in an enterprise IT system while businesses have only a handful of people fighting back, making it very difficult to compete, according to panelists.
As a defender, a company has just one chance to deploy the right defensive tactics. The wrong decision could prove disastrous and lead to a persistent attack. On the other hand, cyber soldiers can bombard an organization with thousands of attacks, unconcerned if nearly all of their attempts fail because infiltrating a company only requires one successful attack.
The other difficulty when defending against nation-state attacks is determining the attack’s origin. This information can help organizations understand the motive behind the attack and help them choose an appropriate response plan. However, tracking down the starting point of a cyber attack is challenging since the Internet wasn’t designed to tie IP addresses to a person’s location. Additionally, attackers try to deceive investigators. For example, adversaries can include Chinese characters in the malware’s code to make it appear like the program was developed in China when it was actually created in a different country.
Nation states engage in cyber attacks primarily to gather intelligence, according to the panel. Attacks targeting businesses are aimed at collecting intellectual property, especially if companies in the nation that launched the attack are struggling to compete globally. By pilfering company secrets from a more innovative organization, an ailing business can use this information to develop competing products and services.
With attacks targeting governments, nation states want to understand their counterpart’s view on policy issues and acquire military intelligence that could give them a tactical advantage in future conflicts.
Finally, some cyber attacks seek to physically destroy an object, such as the Stuxnet virus that targeted the centrifuges that were part of Iran’s nuclear program. Instead of using missiles to take out the centrifuges, malware was developed that caused the machines to essentially spin out of control.
Panelists discussed the role the U.S. government should play in protecting businesses from cyber attacks and noted that federal authorities are beefing up their defensive efforts.
The government collects threat intelligence data, for example, and alerts businesses when potential threats are detected.
According to a PricewaterhouseCoopers survey, in 2013 the FBI warned 3,000 U.S. companies that they had been attacked. And, according to one of the panelists, the FBI is hiring more employees to handle notifying companies about looming cyber attacks.
The speakers recommended that companies decide whether they’re going to invest in cyber security technologies or accept the risks of getting breached, such as losing data.
Organizations that opt to buy security products should assess their defense capabilities before making a purchase, the panelists said. For instance, a power plant may have new servers, but its SSL encryption library could be dated and buggy.
For companies that decide to accept the spectre of a breach, speakers noted that it is nearly impossible to quantify the data that can be lost and calculate the risk. Additionally, when companies hire a third party to clean up the aftermath of a data breach, they’re paying to learn what happened and what their next steps should be related to a specific attack. This approach still leaves them vulnerable. Instead, companies should focus on detecting future attacks.
Jordan Bowen is a long-time Cybereason employee and Product Marketing Manager.