Hijacking nation-built cyber weapons – what can businesses learn from these events?

Firms can now use more sophisticated tools to aid themselves against the threat of attack from cybercriminals.

Dr Jamie Graves, CEO and founder of ZoneFox, explains how cybersecurity affects businesses and the ways firms can protect themselves from the ongoing threat.

For a while, when people thought of cyber crime, images of opportunistic lone wolves prevailed in people’s minds – think the teenage TalkTalk hacker. Next, organised cyber criminal gangs became more commonplace, with their eyes set on bigger prizes such as sensitive information held by the likes of financial services organisations – hello Equifax – or legal firms. Adopting the agility of startups, these enterprising criminals have countless methods at their disposal to take on the world’s big corporates.

To add to the mix, malicious hackers hijacking nation-built cyber weapons – weapons built by a government, typically capable of shutting down key parts of a hostile state’s national infrastructure – are becoming increasingly pervasive in modern cyber warfare. In this instance, the most famous example is The Shadow Brokers, a notorious hacking group that’s stolen and sold several hacking tools from the National Security Agency (NSA) – raising the asking price along the way. You only have to recall WannaCry, which notoriously took down the UK’s NHS, to picture the potential consequences of nation-state weapon theft.

Again, this is a prime example of cyber crooks taking note from startup business models. The Shadow Brokers adapted to a highly pressurised and competitive technology environment – in this case, the industry of cyber crime – through unique tactics, namely stealing cyber weapons to sell for a profit. What’s more, like any decent startup, they understand the importance of memorable branding, with the group’s name most likely in reference to a character from the Mass Effect video game series.

Human errors in computers

Beyond the dangerous and costly nature of these thefts, the threat here for businesses also lies in the risk posed by an accidental insider: towards the end of last year, a colossal sequence of security mistakes led to an NSA contractor leaking his own confidential hacking tools to Russian cybersecurity firm Kaspersky Lab. This illustrates how human nature plays a leading role in cybersecurity. Although there are malevolent insiders in certain companies, there are also many well-meaning yet naïve or inattentive employees who can put data and IT systems at risk.

In this digital age, it’s easy to assume that computers run everything, including security. However, as attackers understand all too well, the most efficient route to confidential data and applications is often through an unsuspecting human being. Social engineering, such as phishing emails, remains a thriving activity for cybercriminals. Returning to the hijacking of nation-built cyber weapons, undoubtedly, these signify a new type of threat to watch out for – one with far more global consequences, rather than siloed within a single company.

However, while it’s human to want to discover who is responsible for cyber attacks, this shouldn’t be the focus for the average business. For one thing, it rather plays into the hands of the people behind it – it’s rare to attempt a cyber attack without a plausible alibi, and all too often there are further fallouts as a result of wrongly apportioned blame.

Above all, the most prudent thing to do is to try and figure out how a cyber attack happened and take steps to ensure it can’t happen again – or at the very least, make it much more difficult to achieve next time around.

What cybersecurity tools can be used?

Within SMEs, there are always issues that stem from inside an organisation, from someone leaving themselves logged in on a public computer to the removal of intellectual property (IP) from a company’s network, perhaps thanks to a disgruntled employee looking to make a quick buck by selling confidential data to a competitor. Of course, the issue with these types of cyber threat is that the use of authorised details to gain access means that the alarms don’t sound until long after the damage has been done. Hence, no one knew about WannaCry until it was unleashed.

As such, SMEs are turning to a new, more advanced way of monitoring their network for suspicious activity: user and entity behaviour analytics (UEBA). This is the collection and analysis of a person’s data and activity within a network, enabling an overview of how they operate and where they are going without compromising privacy. In short, using machine learning, it builds a picture of ‘normal’ activity for a user so that anything abnormal is flagged – a junior sales person accessing files belonging to the C-suite at 2am, for example. For SMEs where time and money are luxuries, UEBA provides an ideal, cost-effective solution to this conundrum, and the technology is available within mere minutes of being deployed, so business leaders can act swiftly in the case of an attack.
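The baseline-and-flag idea described above, as an added example that is not part of the original article and not ZoneFox's code: a per-user profile of active hours and accessed shares stands in for the machine-learning model, and the user names, share names and thresholds are hypothetical.

```python
from collections import defaultdict
from datetime import datetime

MIN_EVENTS = 5       # assumed: below this the baseline is too thin to judge against
HOUR_TOLERANCE = 2   # assumed: hours either side of previously seen activity
# Constructed sample data: a week of a junior sales user's normal file access.
HISTORY = [
    ("2018-03-05T09:12:00", "jsales", "sales/leads"),
    ("2018-03-05T14:40:00", "jsales", "sales/quotes"),
    ("2018-03-06T10:05:00", "jsales", "sales/leads"),
    ("2018-03-07T16:30:00", "jsales", "sales/quotes"),
    ("2018-03-08T11:20:00", "jsales", "sales/leads"),
    ("2018-03-09T17:45:00", "jsales", "sales/leads"),
]
# Constructed events to assess: the article's 2am C-suite access, and a routine one.
NIGHT_EXEC = ("2018-03-10T02:03:00", "jsales", "exec/board-papers")
MIDDAY_SALES = ("2018-03-12T12:00:00", "jsales", "sales/leads")

def build_baselines(events):
    """Per-user profile: hours of day seen active, shares accessed, event count."""
    profiles = defaultdict(lambda: {"hours": set(), "shares": set(), "n": 0})
    for ts, user, share in events:
        p = profiles[user]
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["shares"].add(share)
        p["n"] += 1
    return profiles

def hour_gap(hour, seen_hours):
    """Smallest distance on the 24-hour clock, so 23:00 and 01:00 are 2 apart."""
    return min(min(abs(hour - h), 24 - abs(hour - h)) for h in seen_hours)

def assess(event, profiles):
    """Return the reasons an event deviates from the user's own baseline."""
    ts, user, share = event
    p = profiles.get(user)
    if p is None or p["n"] < MIN_EVENTS:
        return ["no-baseline"]   # cold start: nothing to compare against yet
    reasons = []
    if hour_gap(datetime.fromisoformat(ts).hour, p["hours"]) > HOUR_TOLERANCE:
        reasons.append("unusual-hour")
    if share not in p["shares"]:
        reasons.append("new-resource")
    return reasons

if __name__ == "__main__":
    profiles = build_baselines(HISTORY)
    for ev in (NIGHT_EXEC, MIDDAY_SALES):
        print(ev, assess(ev, profiles))
```

Because each event is compared against that user's own history, valid credentials alone do not suppress the alert, which is the gap the preceding paragraph describes for insider activity.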

However, technology alone is not enough. Business leaders must devote time to establishing a company-wide security training plan, ensuring it’s delivered regularly and in a way that engages employees, so that they’re personally invested in protecting their employer’s business against cyber crime. After all, a collective approach is vital for fighting an equally collective (Shadow Brokers-style) group of cyber criminals.

Also, it’s important to be careful when it comes to sharing data with third parties. A data leak can have disastrous consequences for an SME, so all outside contractors and suppliers should be aware of its security plan; this way, the security woes of suppliers don’t become your own. Finally, remember to be particularly careful when it comes to passwords. All employees must be reminded that passwords should be stored away from the device, difficult to guess, and never shared. For extra peace of mind, consider password manager tools to add that extra layer of protection.

When it comes to cyber crime, whether the attack is a government-developed exploit coveted by cyber thieves, social engineering, or a self-written programme, SMEs must be able to access budget-friendly cyber security protection. This way, they can benefit from an approach that’s both proactive and time-saving – qualities no doubt sought by those enterprising cyber criminals hijacking nation-built weapons. By doing this, SMEs can save not only themselves from the dangers of an attack, but also much bigger enterprises and even government organisations further up the chain – protecting myriad global citizens in the process.

Michael Somerville

Michael was senior reporter for GrowthBusiness.co.uk from 2018 to 2019.
