TEL AVIV: Nation state-backed cyber attacks have gained currency and notoriety over the past couple of years, with Russia, China, North Korea and Iran taking the lead in actively supporting aggressive cyber attackers, according to Israeli cyber defence firm HolistiCyber CEO Ran Shahor, who had started the first cyber attack programme of the Intelligence branch of Israeli Defense Forces (IDF) 26 years ago.
Shahor, while speaking on ‘geo-political tension and national state grade attacks’ at the Cyber Week held recently in Tel Aviv, shared that each of the four countries listed above had a different motivation for backing cyber attackers and hackers. Russia does it to create disorder and panic in the western world; China mainly for IP espionage; North Korea and Iran originally for terror crimes though they have now moved to simple cyber crime.
Stating that both Iran and North Korea started supporting nation-state grade cyber attacks after a long list of tight international sanctions against them, the retired IDF Brigadier General said that Russia, which over the past few months has faced similar sanctions in wake of the war on Ukraine, is also expected to move towards intensive cyber crime.
“It will affect all of us. Iran and North Korea are already there. It is fascinating to think where China is going. But there is no doubt we are expecting very challenging days going forward,” he warned.
Stating that cyber crime was very profitable with no risk to the attacker, Shahor said that 12 years ago, when merely writing a firewall and anti-virus was enough, the cyber crime scene changed and the attacks became more aggressive, bold and sophisticated even as the defenders failed to react properly.
Six years ago, Russian group Shadow Brokers accessed a whole lot of tech tools from NSA and started selling these on the DarkNet. In the last two years, nation states are increasingly using private cyber hacker groups to hit critical infrastructure and even the private sector.
“Today’s attacker is heavily backed, supported and even instructed by the nation states,” warned Shahor. He said the proxies serve the nation states to augment large cyber attacks while maintaining own deniability. The attackers too are exposed to a different level of financing and, more importantly, to nation state methodology and technology.
The HolistiCyber co-founder said that Israel has an advantage in dealing with nation state-backed cyber attacks, as unlike the rest of the world that is fighting a short supply of cyber security experts, it has a regular supply of manpower as each year thousands of brightest girls and boys who must mandatorily serve in the Israeli army are cherry picked and trained to become cyber ninjas. Also, unlike most western countries that either do not allow cyber attacks or find them too expensive, Israel is a greenhouse for defence and offence technologies and has over 300 cyber companies. Israel has also ensured that all sectors- the defence community, government sector, academia, private sector and international partners – work together to fight cyber aggression.
Shahor said the solution against nation state-backed cyber attacks lies in getting into the mind of the attacker; working with a team of world-class experts with a proven attacker background; adopting a holistic approach by protecting the entire supply chain and not just the IT systems; darknet access for intelligence; and automation for efficiency.
Asking defenders against nation state-grade cyber attacks to prioritise and defend what matters, while also taking calculated risks, Shahor said that while nobody can be fully protected from cyber attacks, “you must be better protected than your competition”.
(The correspondent was in Tel Aviv as a guest of Israeli foreign ministry)