As the level and sophistication of cyber-attacks increase, the lines between nation state and criminal cyber gangs are beginning to blur.
The warning from the former Director of the US National Security Agency, Admiral (ret.) Michael S. Rogers, came at the NetDiligence Cyber War Webinar Series, where he added that state-led attacks were increasing and showed no signs of slowing down.
Speaking at the online event, Admiral Rogers, the former Director of the National Security Agency and Commander of US Cyber Command who is on the board of directors at cyber risk analytics specialist CyberCube, said that the breadth of activity by states including Russia and China had increased following a lull after the impact of 2017’s allegedly Russian ransomware attack, NotPetya. He also warned that the boundaries between nation states and criminal gangs were blurring as some states employed organised cyber criminals to launch attacks on their behalf.
Discussing the recent resurgence of nation state-inspired cyber-attacks, Admiral Rogers said: “We went through a period between about 2011 and 2017, during which nation states increased levels of activity. This includes the NotPetya hits in the summer of 2017, probably the largest global event we’ve ever seen. And after that, given its repercussions, there seems to have been a bit of a step back.”
Admiral Rogers said that in the following three years the breadth of activity has changed, with the SolarWinds attack in December 2020 and the attack on Microsoft Exchange this month both arguably evidence of increased nation state activity.
“You’re seeing criminal groups share tools, and you’re seeing the lines between nation state and criminal group blur a little bit,” he explained. “The Russians, in particular, often tend to use criminal groups to engage in state-associated activity. This proliferation of tools is creating a challenging environment.”
Admiral Rogers warned that COVID-19 and the move to remote working meant that traditional approaches to cyber security had been rendered partially redundant as infrastructure is shared with family.
“We’re not all sitting behind a central security stack right now. Now we’re dispersed,” he explained. “We’ve blurred the lines between what is ‘business infrastructure’ and what is ‘personal infrastructure’. The bottom line is the attack surface is just proliferated as a result.”