The next cyber criminal you need to know? The Nation State Hacker. These are government-funded and guided attackers, ordered to launch operations from cyber espionage to intellectual property theft. These attackers have the biggest bankroll, and thus can afford to hire the best talent to create the most advanced, nefarious, and stealthy threats.
Nation-state actors first appeared in the headlines during a few key cyber security incidents around 2010, including:
- The Operation Aurora attack, it was alleged that Chinese attackers gained access to Google and many other big companies to steal intellectual property, as well as sensitive US government surveillance information.
- The Stuxnet incident, where a nation-state (likely the US) launched an extremely advanced, sneaky, and targeted piece of malware that not only hid on traditional computers for years, but also infected programmable logic controllers (PLCs) used in centrifuges. The attack was designed to damage Iran’s nuclear enrichment capabilities.
Unlike the other hackers’ tools, state-sponsored attackers create very customized and advanced attack code. Their attacks often incorporate previously undiscovered software vulnerabilities, called zero day, which have no fix or patch, as proven in the WikiLeaks Vault7 leaks earlier this year. They often leverage the most advanced attack and evasion techniques, using kernel level rootkits, steganography, and encryption making it difficult for you to discover their malware. They have even been known to carry out multiple attacks to reach their ultimate goal of gaining network access and staying there undetected for a period of time, in order to steal data. For instance, they might attack a software company to steal a legitimate digital certificate, and then use that certificate to sign the code for their malware, making it seem like it comes from a sanctioned provider. These advanced attacks are what coined the new industry term, advanced persistent threat (APT).
While you’d expect nation-state attackers to have very specific targets, such as government entities, critical infrastructure, and Fortune 500 enterprises, they still pose some threat to average organizations as well. For instance, sometimes these military attackers target smaller organizations as a stepping-stone for a bigger attack. Furthermore, now that these advanced attacks and malware samples have started to leak to the public, normal criminal hackers have begun to adopt the advanced techniques, upping the level of traditional malware as well.
To learn more about our APT Blocker and other advanced security solutions visit: https://www.watchguard.com/wgrd-products/security-services/apt-blocker.