Can businesses even fend off cyberattacks by hostile states? We asked Bogdan “Bob” Botezatu, Director Threat Research & Reporting at Bitdefender, about this.
A Bitkom survey shows: Fear of cyber wars is growing in Germany. 76 percent of people in the country are afraid of an escalation in the digital space. Eleven percent even assume that this could end in an armed conflict. In the event of cyberattacks, a majority sees Germany as defenseless: 78 percent believe that the German armed forces are not adequately equipped to defend Germany in cyberspace – and the trend is rising. Only 16 percent currently believe that the German armed forces can adequately defend Germany in cyberspace. But what is the situation like for companies?
What are state cyber attackers like? What makes them particularly dangerous?
Bogdan “Bob” Botezatu: State-sponsored attackers are at the top of the cybercrime pyramid. Attacks emanating from such perpetrators have usually been developed over years of work and often represent the result of multi-million dollar research projects. They often take advantage of zero-day exploits that can subvert modern operating systems to remain covert and effective.
Does that make cyberwar such a threat?
As the fifth dimension of warfare, cyberspace opens up a wealth of opportunities for state-sponsored actors. Whether it is sabotage, cyber espionage, or simply commercial gain: Advanced malicious actors are constantly assessing and evaluating the importance of foreign companies and infrastructure. Attacks on critical infrastructure such as transportation or energy have the most devastating effects. However, commercial gain is also a welcome extra income for malware actors in the service of a nation-state.
When you think about industrial espionage by foreign intelligence services: Do they use tools more like those adopted for cyberwar or more like those used for classic cybercrime?
Most of the time, cybercriminals target one or a few companies in industrial espionage campaigns. This means that the attackers invest a lot of time to study their targets and prepare the appropriate toolkit for a successful attack. They borrow some of the elements from well-known commercially targeted cyberattacks – such as phishing pages or PowerShell scripts. Beyond that, however, economic spies customize their attack elements and execute them manually.
Some tools are customized and developed for a specific attack, while others are available off-the-shelf. Often, attackers use publicly available and legitimate software such as archivers, password recovery tools, or operating system utilities to launch an attack.
Does it even make sense for organizations to address the risk posed by cyberwar? Aren’t they hopelessly outgunned?
Clearly, yes, it makes sense. Attackers have more difficulty penetrating the networks of companies that have invested well in their cybersecurity strategies. These are also the most likely to be able to fend off the attacks. Even in the event of an attack via a zero-day vulnerability that has not yet been disclosed, companies can implement the appropriate controls, limit the scope of the attack and potentially detect the infected systems sooner.
Companies are hoping for help from the government to protect themselves from cyberwar impacts. What is the experience here? Is the current, governmental protection sufficient, should there be a “cyber army” at EU level, for example, or should there be additional (private sector) layers of defense?
Germany has a comprehensive cybersecurity strategy that defines the principles of defense, makes recommendations and sets strategic goals. However, strategy and principles alone are only half the battle. To implement not only short- but also medium-term cybersecurity strategies, companies need sufficient financial budget and qualified cybersecurity personnel. Governments can issue recommendations and policies, but they won’t be able to allocate funds to audit private infrastructure or patch private servers. When it comes to cybersecurity, there is strength in diversity. Hence, partnerships between governments and industry are the way to go.
How do you see the future of state-sponsored cyberattacks?
Government-sponsored malware will go through a complex evolution in the coming years. After all, it’s just the natural course of events that nation states will also compete for digital dominance. Cyberattacks on critical infrastructure will likely focus on killware, as state hackers can effectively use it against power grids, water and sewage treatment plants, or public transportation. Such attacks directly impact cities, communities, and society itself.
And the threats of state-sponsored hackers radiate out: Once samples of their attacks are publicly available, that code and its associated tactics are also adopted by financially motivated cybercriminals and used indiscriminately to attack businesses and home users.
Bogdan “Bob” Botezatu is Director, Threat Research and Reporting, Bitdefender. Bogdan Botezatu has served as the director of threat research at Bitdefender for 12 years. His areas of expertise include malware deobfuscation, detection, removal and prevention.