The global cyber-threat environment is the “worst it’s ever been” due to the increasingly reckless behavior of the four major nation-state actors in this area: China, Russia, North Korea and Iran. That was the message of Dmitri Alperovitch, chairman, Silverado Policy Accelerator, and Sandra Joyce, executive vice president, head of global intelligence at FireEye, who provided the annual Global Threat Brief during a keynote session on day 3 of the 2021 RSA virtual conference.
Alperovitch began by describing how 2020 was a particularly challenging year for the cybersecurity sector. “We’ve had the global pandemic, we’ve seen cyber-adversaries of all types take advantage of stress and workload that is brought on to defenders, but also we’ve had the elections, and the cyber-interference that we all expected.”
SolarWinds
The two standout cyber-attacks of the past year – the SolarWinds and Microsoft Exchange incidents – were the first port of call for the two experts in this session. The pair noted the highly targeted nature of the SolarWinds hacks, with Alperovitch commenting that “this was a traditional espionage operation” by the Russian state that targeted foreign governments, particularly areas of the US government, and “other countries that would be used to facilitate access to those government networks.”
He added that a killswitch was in place to shut down the malware, and that it was activated in 99% of the victims – the ones that were irrelevant to the attackers’ operation – to keep it in “stealth mode” as long as possible. Overall, this attack represents a modernized approach to getting “inside supply chains that are hard to detect and stay in there for long periods of time,” mimicking the previous tactic of using undercover human agents to infiltrate other nations.
Joyce observed that only very specific information was targeted in the attack, with even lucrative data like financial information ignored. “This was an operation to satisfy national-level collection requirements, and that’s espionage,” she stated.