State-sponsored hackers raise the cyber threat stakes
The nature of cyber attacks has evolved over the past 15 years as state-sponsored actors have entered a sphere formerly targeted by pranksters and criminals, according to a cyber security expert.
The types of threats presented by hackers have changed as well, said Grady Summers, chief technology officer of Milpitas, California-based technology security company FireEye Inc., during an address Tuesday at the Property Casualty Insurers Association of America's annual conference. From identity theft and stealing financial data, hackers have moved to where they can remotely control vehicles and threaten critical infrastructure, he said.
Fortunately, entities facing cyber threats can take steps to reduce their losses before and after an attack, he said.
In the early 2000s, pranksters and others used email worms to disrupt their target's operations, but the entrance of state-sponsored hackers changed the nature of attacks, said Mr. Summers.
State-sponsored hackers, however, are looking for different information and patiently establish themselves within the target, staying for months or even years without being detected by installing malicious software, according to Mr. Summers.
Any discussion of state-sponsored data theft “has to start with China,” said Mr. Summers. Chinese hackers used to concentrate on intellectual property theft such as trade secrets, he said. But that has changed, with recent attacks focusing on gathering personal data such as medical records or salary histories. They're doing so because they want to know as much as possible about human targets and their potential vulnerabilities.
Russia has been engaged in hacking as well, initially through criminal enterprises seeking to steal financial information. But with the outbreak of hostilities in Ukraine and other international confrontations, Russia is pivoting toward political targets, he said.
“Cyber tensions mirror real-world tensions,” he said.
Another example is the Syrian Electronic Army, which is sponsored by the Syrian government.
Mr. Summers said the group probably consists of 10 to 12 people who have compromised more than 30 Western media outlets by issuing tweets claiming such things as an explosion at the White House that injured President Barack Obama.
“It's amazing to see how such a small group could have such a large impact,” he said.
Now the group is moving from disinformation to military targets by posing online as women in an effort to get battle plans from Syrian rebel groups.
“In many parts of the world, cyber warfare really is that,” he said.
The changing nature of targets includes hacking into self-driving vehicles, said Mr. Summers. It could also mean hackers being able to disable home security systems to facilitate robberies.
Of particular concern is the threat posed to critical infrastructure such as industrial control systems, according to Mr. Summers. There's evidence that the Islamic State has been probing nuclear facilities, he said. But he said infrastructure isn't as well protected against cyber attacks as Wall Street banks are.
Insurers, like other organizations, are targets of cyber attackers, as was evident in recent attacks on health insurers.
Insurers become tempting targets because they “have great caches of customer data,” which is attractive to state-sponsored attackers, said Mr. Summers.
Insurers also contain financial data that can motivate attackers. “Identity theft is still very useful,” said Mr. Summers.
And insurers can be seen as gadgets for what Mr. Summers called “politically motivated” attacks in which the hackers seek to embarrass a company.
Companies can better prepare themselves against cyber attack by remembering that a company's risk level is only as good as their worst-connected partner, said Mr. Summers. And while no company can stop 100% of cyber attacks, its response preparation can determine the damage it sustains, he said.