Nation state attacks – the cyber cold war gets down to business

Apr 19, 2018 | 5 mins
Cyberattacks | Data and Information Security | Government

Cyber weaponry is moving to new frontiers: yours. Businesses are the next target on the nation state menu. Are you protected or vulnerable?

Nation state attacks, and the threat of them, appear to be evolving. The assumption that state-backed actors focus on hacking into military or diplomatic data for competitive intelligence now needs to be broadened to other motivating factors. Nation state hackers are expanding their targets beyond government institutions to businesses and industrial facilities. They are using more sophisticated techniques to disrupt organizations, and the countries those organizations operate in, by leaking confidential and often sensitive information.

Nothing fun to see here

In his Worldwide Threat Assessment, US Director of National Intelligence Daniel R. Coats painted a concerning scenario of such threats to come. Said Coats, “The potential for surprise in the cyber realm will increase in the next year and beyond as billions more digital devices are connected—with relatively little built-in security—and both nation states and malign actors become more emboldened and better equipped in the use of increasingly widespread cyber toolkits.”

He called out these three cyber threat examples:

  • In 2016 and 2017, state-sponsored cyber attacks against Ukraine and Saudi Arabia targeted multiple sectors across critical infrastructure, government, and commercial networks.
  • Ransomware and malware attacks have spread globally, disrupting global shipping and production lines of US companies. The availability of criminal and commercial malware is creating opportunities for new actors to launch cyber operations.
  • We assess that concerns about US retaliation and still developing adversary capabilities will mitigate the probability of attacks aimed at causing major disruptions of US critical infrastructure, but we remain concerned by the increasingly damaging effects of cyber operations and the apparent acceptance by adversaries of collateral damage.

Fight sophistication with sophistication

If nation state actors are becoming more sophisticated and emboldened, enterprises need to up their game to the same level of sophistication. The most recent example of how effective a nation state can be in disrupting regular information flow is the Russian watchdog Roskomnadzor’s blocking of Telegram, a messaging service popular in Russia. It was widely reported that as many as 20 million IP addresses were blocked, which, according to Reuters, prevented Russian internet users from accessing Telegram and other services that route content through Google and Amazon servers. This was deemed a retaliatory action in response to Telegram’s refusal to comply with a court order that would have breached the confidentiality of users’ encrypted messages, but the clear lesson is how easily these nation state actors can disable and disrupt day-to-day processes for large numbers of users – not to mention interrupting U.S.-based business activities, i.e., Google’s.

In other nation state threats, North Korea is known to have an active botnet in place that can execute DDoS attacks and has been linked by some researchers to the WannaCry ransomware attack.

To proactively defend against these types of threats, the first step is to take another look at your organization from the perspective of the information that would be most attractive to a nation state attacker. If your organization stores intellectual property, sensitive personal, legal or financial data [with GDPR in mind] or other consumer data, you’re ripe for a nation state threat. Certainly, consumer-facing activities are a target-rich opportunity for nation state actors, and the Russian Telegram incident is a good indication of how widespread these attacks can be.

Are you nation state ‘defense ready’?

Our theme in this blog is ‘Be a Security Vigilante.’ Constant vigilance and monitoring of all security processes in place is absolutely essential to defense – for nation state threats, and for all threats that can compromise your organization’s ability to do business. Think about more frequent check-ins with your security teams to obtain the most complete picture of both authorized and unauthorized activity. The more you know, the better your defense. This picture should include deep visibility into traffic patterns across your network to alert you to denial of service threats, or to the more insidious low-volume attacks, such as an attacker’s stress tests probing your capacity.

Besides the constant vigilance, be proactive in reducing your ‘attack surface.’ Scrutinize your organization’s workloads and, when internet access is not required, isolate them from the internet. This helps reduce the exposure of critical data to unauthorized access, and defends against ‘man in the middle’ attacks.

Also, use all the tools at your disposal to help with vigilance, such as patch and vulnerability management, application whitelisting, privilege management, identity management, file and media protection, and ransomware remediation.

Know your friends…and enemies

‘Keep your friends close, but your enemies closer.’ It’s a famous line from The Godfather, and good counsel for nation state defense. Right now, do you and your team know the origin of all the critical vendors you use? Have you vetted technology acquired from companies based in nations that can pose a threat? The National Institute of Standards and Technology (NIST) is a useful resource to review for recommended restrictions on purchasing from certain suppliers or countries.

On the keeping-friends-close side, do you feel confident your employees know how to spot malicious activity? Are they trained, and motivated, to also become security vigilantes? Many successful malware attacks start with a simple click-through on an email that leads to a crippling ransomware event. Is everyone trained on how to quickly report such malicious activity, thereby preventing a full-scale attack?

Your friends also need to extend to your network of trusted security professionals. Sharing what you have learned in the face of these threats, or worse, from having experienced an attack, helps the whole community of colleagues working to defend against major attacks.

Unquestionably, the more we collaborate in defense against nation state threats, the stronger our collective defense power will be.


Phil Richards has both breadth and depth of security experience. He currently is the Chief Information Security Officer (CISO) for Ivanti. He has held other senior security positions including the Director of Operational Security for Varian Medical Systems, Chief Security Officer for Fundtech Corporation and Business Security Director for Fidelity Investments.

In his security leadership roles, he has created and implemented Information Security Policies based on industry standards. He has led organizations to clean PCI DSS and SSAE SOC 2 compliance certifications, implemented security awareness training, and established a comprehensive compliance security audit framework based on industry standards. He has led organizations through GLBA risk assessments and remediation and improved the organizations’ risk profile. Finally, he has implemented global privacy policies, including addressing privacy issues in the European Union.

Transforming an organization requires focus on the objectives, clear communication, and constant coordination with executive leadership, which is exactly what Phil has focused on during his security career.

The opinions expressed in this blog are those of Phil Richards and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.