Not Just a Netflix Plotline: Nation-State Cyberattacks Get Real



Posted on February 22, 2023

According to some, ChatGPT and similar AI tools represent the future of coding and information creation. They may represent the future of cyberattacks, too. According to recent research, 51% of IT professionals predict that within a year, the world will witness a successful cyberattack enabled by ChatGPT. 71% of those IT professionals believe that nation-states are already, as you read this post, using ChatGPT against other countries for malicious purposes.

Anticipated malicious uses of ChatGPT may include helping cybercriminals write more believable phishing emails, accelerating execution of new social engineering attacks, spreading misinformation, and helping budding hackers learn the technical tools of the trade.

Cyberattacks are the New Battle Front

AI-assisted cyberattacks on government agencies sound like a worrisome prospect. But in fact, there’s nothing new under the sun. Throughout history, nation-states have been using weapons technologies to amplify existing tensions by carrying out attacks on their enemies – and using spy-vs-spy technologies to keep an eye on their “friends.” ChatGPT is just one of a long line of technologies that can be – and are being – exploited for espionage and cyberattacks.

In recent conflicts, for example, cyber warfare has been used to damage infrastructure, dismantle the software of government, and carry out destructive espionage and assaults targeting individuals both locally and across the globe.

For states that are proactively maintaining and nourishing conflicts with other nation-states, either neighboring countries or ideological adversaries around the globe, cyberattacks are a warfare tactic that they can use to strengthen their power and position, along with (or instead of) diplomacy and traditional military operations.

In recent years, cyberattacks have become a preferred way to express international tensions. A recent Microsoft report claims that nation-state actors have been harnessing cyberattacks for espionage, surveillance and destructive purposes more frequently and in a much more aggressive manner than before. It highlights that between July 2021 and June 2022 the proportion of cyberattacks perpetrated by nation-states targeting critical infrastructure doubled, increasing from 20% to 40%. This was largely a result of heavy attacks on critical infrastructure during the Russia-Ukraine war, as well as aggressive espionage targeting allies. However, it also reflects more general global trends.

The Political Gain from Cyber Warfare

Nation-states launch cyberattacks against other nations for the same reasons they launch traditional military attacks: to destabilize governments, damage critical infrastructure, defuse threats, disrupt essential services, gather intelligence, spread misinformation, undermine public trust in institutions or damage economies. Many attacks also yield significant financial gain.

In addition, government agencies and departments host a plethora of data that is very valuable to hackers. Sensitive personal information can be sold on the dark web and used for identity theft. Classified information can be used to gain political or military advantage, and to increase the effectiveness of further attacks. Phishing emails sent from government addresses are more trusted than others and opened at higher rates.

The Mechanics of Nation-State Attacks

Beyond straight-up attacks on public sector organizations, nation-state actors may target critical infrastructure like utilities and food suppliers, or influential media organizations.

Cybercriminals may also bypass security and breach governments by targeting government suppliers. Following the notorious attack in which malware was delivered to US, NATO, UK and EU government bodies along with updates to the SolarWinds Orion software, supply chain attacks have gotten a lot of attention.

While sophisticated techniques like supply chain attacks and the Stuxnet worm make headlines, most nation-state cyberattacks use the standard techniques and tactics that are familiar to both cybercriminals and security professionals. These include advanced persistent threats (APTs), spear phishing and other types of social engineering, DDoS attacks, ransomware and various types of malware.

Protecting the Nation’s Digital Assets with Modern Security Controls

To protect their networks and data from these types of attacks, governments are increasingly strengthening their cybersecurity approach. In the US, cybersecurity is a top concern, as illustrated by multiple recommendations, guidelines and executive orders issued by President Biden since coming into office. The recent Executive Order on Improving the Nation’s Cybersecurity, in particular, directed Federal Government offices to make concrete plans to implement Zero Trust security across the board.

Examples of how Zero Trust can be implemented include segmentation of networks and protecting users as they access the web. Military and defense organizations in the US and worldwide have long used virtual machines on isolated servers and, more recently, browser isolation to protect confidential information from web-enabled breaches. Today, those organizations are increasingly adopting browser isolation to secure virtual meetings as well as isolation-based ZTNA solutions to secure remote access to applications and networks, even from unmanaged devices.

ZTEdge Web Isolation applies Remote Browser Isolation (RBI) to air-gap all web content, including threats and zero-day exploits, so that none of it reaches endpoints and networks. When users browse, ZTEdge Web Isolation opens the website in a single-use cloud-based container. Only safe rendering data is sent to the user’s browser – whichever one they choose. The user experience is seamless, but RBI ensures that malware, ransomware and zero-day threats never reach the target’s network and systems.

To protect against phishing, ZTEdge Web Isolation opens unknown links in read-only mode, so users cannot be manipulated into entering credentials on spoofed sites. Content Disarm and Reconstruct (CDR) is applied in the isolated container to guard against malware delivered via weaponized attachments. Attached files are scrubbed of any malware that is present, then reconstructed and delivered with desired functionality intact.
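The disarm-and-reconstruct step described above, as an added illustration that is not Ericom's ZTEdge code: a simplified CDR pass over a zip-based Office document. Parts that carry active content (compiled VBA, macro metadata, embedded OLE/ActiveX objects) are dropped, the package manifests that reference them are repaired, and every remaining part is written into a brand-new archive so nothing from the original container is copied through verbatim. The part pattern, the two Word content-type strings used to downgrade a macro-enabled body to a plain one, and the constructed sample document are assumptions for the example.

```python
"""Simplified Content Disarm and Reconstruct (CDR) for OOXML-style documents.

Added example, not a vendor implementation. ACTIVE_CONTENT and the sample
document built by build_sample_docm() are assumptions for illustration.
"""
import io
import posixpath
import re
import xml.etree.ElementTree as ET
import zipfile

# Parts that are never reconstructed: compiled VBA, macro metadata, embeddings, ActiveX.
ACTIVE_CONTENT = re.compile(r"^(word|xl|ppt)/(vbaProject\.bin|vbaData\.xml|embeddings/.*|activeX/.*)$")
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def _source_part(rels_path):
    """Map 'word/_rels/document.xml.rels' to the part it describes, 'word/document.xml'."""
    directory, name = posixpath.split(rels_path)
    return posixpath.join(posixpath.dirname(directory), name[: -len(".rels")])


def _resolve(source_part, target):
    """Resolve a relationship Target (relative to its source part) to a package path."""
    if target.startswith("/"):
        return target.lstrip("/")
    return posixpath.normpath(posixpath.join(posixpath.dirname(source_part), target))


def _clean_rels(xml_bytes, source_part, removed):
    """Drop relationships that point at removed parts; external hyperlinks are left alone."""
    root = ET.fromstring(xml_bytes)
    for rel in list(root):
        if rel.get("TargetMode") != "External" and _resolve(source_part, rel.get("Target", "")) in removed:
            root.remove(rel)
    ET.register_namespace("", RELS_NS)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def _clean_content_types(xml_bytes, removed, kept):
    """Drop manifest entries for removed parts and downgrade a macro-enabled body to plain."""
    remaining_ext = {n.rpartition(".")[2].lower() for n in kept}
    root = ET.fromstring(xml_bytes)
    for el in list(root):
        kind = el.tag.split("}")[-1]  # strip the namespace: 'Default' or 'Override'
        if kind == "Override" and el.get("PartName", "").lstrip("/") in removed:
            root.remove(el)
        elif kind == "Default" and el.get("Extension", "").lower() not in remaining_ext:
            root.remove(el)
        elif el.get("ContentType") == MACRO_MAIN:
            el.set("ContentType", PLAIN_MAIN)  # a .docm body with no macros is a .docx body
    ET.register_namespace("", CT_NS)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def disarm(document):
    """Return (reconstructed document bytes, sorted list of removed part names)."""
    with zipfile.ZipFile(io.BytesIO(document)) as src:
        names = src.namelist()
        removed = {n for n in names if ACTIVE_CONTENT.match(n)}
        kept = [n for n in names if n not in removed]
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
            for name in kept:
                data = src.read(name)
                if name == "[Content_Types].xml":
                    data = _clean_content_types(data, removed, kept)
                elif name.endswith(".rels"):
                    data = _clean_rels(data, _source_part(name), removed)
                dst.writestr(name, data)  # fresh entry headers; nothing copied verbatim
    return out.getvalue(), sorted(removed)


def list_parts(document):
    return zipfile.ZipFile(io.BytesIO(document)).namelist()


def read_part(document, name):
    return zipfile.ZipFile(io.BytesIO(document)).read(name)


def build_sample_docm():
    """Constructed .docm (not a real captured file) with the parts a macro-enabled document carries."""
    parts = {
        "[Content_Types].xml":
            f'<Types xmlns="{CT_NS}">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
            '<Override PartName="/word/vbaData.xml" ContentType="application/vnd.ms-word.vbaData+xml"/>'
            "</Types>",
        "_rels/.rels":
            f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" '
            'Target="word/document.xml"/></Relationships>',
        "word/_rels/document.xml.rels":
            f'<Relationships xmlns="{RELS_NS}">'
            '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" '
            'Target="https://example.com/" TargetMode="External"/></Relationships>',
        "word/document.xml":
            '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
            "<w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p></w:body></w:document>",
        "word/vbaProject.bin": b"\x00constructed placeholder standing in for compiled VBA",
        "word/vbaData.xml": '<wne:vbaSuppData xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml"/>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()
```

Running `disarm(build_sample_docm())` removes `word/vbaData.xml` and `word/vbaProject.bin`, leaves the document body and its external hyperlink intact, and turns the macro-enabled content type into the plain one; running it again on the output removes nothing, which is the property a gateway relies on. Two simplifications matter in practice: a production CDR engine also rewrites body references that pointed at dropped objects rather than leaving dangling ids, and it typically regenerates each XML part from a parsed model instead of passing the original markup through.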

To learn more about threats to government and the public sector, and the solutions that address them, download our whitepaper To Secure the Public Sector from Cyberattacks, in Zero We Trust.

Or contact us to learn about Ericom Software’s ZTEdge cloud security solutions.



About Nick Kael

A cybersecurity expert with over 20 years of experience in web technologies, architecture, infrastructure, networking and dev environments, Nick is responsible for solution management, technology strategy and technology partnerships. Nick was previously Symantec Group CTO for Global Service Providers, following his tenure as Director of the Chief Architect Team for Channel and Service Providers at Zscaler and an earlier position in the Symantec CTO organization. His certifications include CEH7, CCSK, BCCPP, Bluecoat Blue Knight, MCSE + Security, CCDP, CCNA, CCSA, VTP5 and VTSP5.
