Dawn breaks over Palm Beach. That morning is like any other at the exclusive private club, Mar-a-Lago. The employees make sure that everything is perfect, from towels to the cocktail bar, so that its privileged members can enjoy the Florida sun in their hammocks. Suddenly, a commotion breaks out in the reception area.
The Secret Service, the government agency in charge of the President’s security, have just arrested a woman who was trying to get into the club. Upon searching her, she is found to be carrying two Chinese passports, four mobile phones, an external hard drive, a laptop and a pen drive. One of the secret service agents connects the small device to his computer, and discovers that the computer is automatically blocked. He concluded that the pen drive contained a piece of malware with one aim: to spy directly on Donald Trump.
The proxy nature of cyberattacks
The events described above aren’t taken from the script of a Hollywood thriller. They happened in March, as reported in The New York Times. It is particularly spectacular proof of the cybersecurity threats that states are facing —threats that increase year after year.
Nevertheless, most incidents dealt with by state bodies are somewhat more low key. Besides which, more often than not, it is tricky to determine whether or not other states are behind such attacks. Were it possible to attribute such attacks in such a direct manner, it could generate an escalation of tensions, potentially leading to a conventional war. This is why, in the same way that proxy wars employ guerrillas or paramilitary groups sponsored or financed by other states, many cyberattacks come from hacker groups that do not directly belong to state apparatus, but which are related to these powers. Many of them are, in fact, on the FBI’s list of the most wanted cybercriminals.
Targets and vectors
The US national security think tank, CSIS, has picked up on this trend for attributed—and not so attributed—cyberattacks in a report that gathers the most significant cyberincidents involving states since 2006. It shows that countries such as the USA have been victims of over 120 large incidents since that year:
This data, along with other data from reports issued by bodies such as the Spanish Government or the US Department of Homeland Security, demonstrate the ways that many of the cyberincidents target State agencies, as well as other frequent targets:
- State-owned enterprises, such as utilities and infrastructure companies
- Defense companies and suppliers to the Armed Forces, especially large companies in the aerospace sector, which provide technology with added value.
- Academic institutions, such as universities or polytechnic schools that may be involved in sensitive projects on the behalf of states.
- Activists and journalists in the case of those states who go after their political detractors.
On the other hand, the vectors of cyberattacks, as well as the varieties used, are increasingly varied. However, among the most common are:
- Attempts to intrude on systems and computers using malware delivered via emails or physical devices such as pen drives or portable memory units.
- Blocking systems via botnets capable of carrying out denial of service attacks (DDoS).
- Remote espionage of electronic devices by capturing signals from mobile networks or Wi-Fi signals, as we explained in our post about evil twins. What’s more, cyberattackers can also use more complex techniques such as electromagnetic emanations from hardware.
Prevention and cyberdefense assets
In our post on the Cybercoalition exercise, we explained how NATO trains in cyberdefense by simulating a massive cyberattack from a fictitious hostile power. If this kind of activity is carried out in organizations, it can be seen as an example of gamification and pen testing, which help all members of these organizations to be prepared for future threats.
But just as important as training activities are technological protection assets. These are the first line of defense, both for states and for organizations. To this end, it is important that organizations have solutions that offer all possible responses to cyberattacks, no matter how serious they are. Panda Adaptive Defense provides total endpoint protection. It also includes a threat hunting and forensic analysis service, in order to determine with precision the nature and origin of any cyberattack. Combining the work of our analysts with the use of machine learning, our advanced cybersecurity solution is able to classify 100% of processes, in order to reduce the attack surface, a vital step when it comes to protecting a country against a cyberattack.