Video: Watch Cybereason CEO Lior Div talk to CSO Online about the hype behind nation-state attacks

Russia and China aren’t the only entities with the ability to pull off nation-state attacks. The tools used by nation-states to carry out sophisticated attacks are now commonly available on the black market, providing anybody with the means to hack.

“You can be a nation-state hacker if you have the time. Today over the Internet, you can learn everything,” said Cybereason CEO and co-founder Lior Div during an interview with CSO Online at Black Hat last week.

Nation-state attacks were the main and most dangerous threat that enterprises faced 20 years ago, he said. “Nobody knew these types of attacks existed.”

Nation-state attack tools become mainstream

In the past few years, though, the tools used to execute nation-state attacks have become commodities, meaning these tools can be used by anyone to hack into an organization.

Div offered the 2014 cyber attack against JP Morgan Chase as an example of how hackers not tied to a nation-state are using nation-state tools to carry out advanced attacks. The hackers who stole 83 million customer records from the financial services company were operating a pump-and-dump stock scheme, not pilfering information for a foreign government, according to U.S. federal prosecutors.

While people hypothesized that either the Russians or Chinese were behind the attack, in reality, it was a few people “with the ability to conduct a full-scale operation,” Div said.

“Today we are seeing more and more actors that aren’t Chinese or the Russians, but their ability to conduct full-scale operations is enormous,” he said.

People who are interested in hacking just need to know how to acquire a Tor user name and access the dark Web. From there, they can log in to chats and specifically ask for access to a certain company. Most likely, a person will offer that access and sell it to an interested party via a bitcoin transaction.

“It’s that easy. You’re already in and can have access to any company out there,” Div said.

Don’t mistake the dark Web for some sort of “scary” underworld, he added. “Nobody’s wearing a hoodie over there. It’s just another way to obtain information not through the regular methods,” he said.

Hackers are affordable to hire

With access to an organization of their choosing, hackers can then either manually carry out the attack or build a team to handle the operation.

Assembling a team is no longer as expensive as some organizations think, Div said. “The ability to hire people to conduct an operation has become very accessible” and, unlike a decade ago, no longer costs a “fortune,” he said.

The reason, said Div, is that the people who can execute hacking operations are no longer impossible to obtain. And a team doesn’t necessarily have to be large. It can consist of just two people who are looking to earn extra money, he said.

“Today with $5,000 you are performing an operation. With $10,000 you are performing a full-blown operation. The price is going down every year,” Div said.

Even commodity threats can turn malicious

But nation-state actors and hackers who have obtained nation-state hacking tools aren’t the only threats that should concern enterprises. Threats that are seemingly benign can pose major security issues.

Div talked about a case involving a Cybereason customer that was infected with adware, a commodity threat that’s a low priority to many security teams. “It’s not something you want in your environment, but it’s not going to cause damage,” Div said.

In this instance, however, Cybereason discovered that the adware could inflict serious harm on a company. Hackers were equipping the program with components usually found in malware, including persistence and communicating by using domain generation algorithms.

“It was fascinating to see commercial adware become a very malicious rootkit that became a very malicious full-blown operation,” Div said.

Beefing up the traditional adware that carried out the initial infection was only one part of the attackers’ overall plan, according to Cybereason’s research. Ultimately, the attackers wanted to sell access to the infected company’s network to other criminal organizations that wanted to carry out their own hacking operation.

“Sometimes you see a nation-state attack, but that’s not the only story. A lot of the [threats] you see, it’s really malware or regular tools that can be boring but with the click of a button, it can be very malicious,” Div said.

Fred O'Connor is Cybereason's senior writer. 

About the Author

Fred O'Connor

Fred is a Senior Content Writer at Cybereason who writes a variety of content including blogs, case studies, ebooks and white papers to help position Cybereason as the market leader in endpoint security products.