Report: Nation state hackers and cyber criminals are spoofing each other

It's difficult to tell hackers apart, says Optiv, as Check Point warns US government agencies about new threats from a Chinese government-backed group.
Written by Tom Foremski, Contributor

Nation-state hackers and cyber criminals are increasingly impersonating each other to try to hide their tracks as part of advanced attack techniques, says Optiv Security in its 2019 Cyber Threat Intelligence Estimate report.

The top industries being targeted are retail, healthcare, government and financial institutions. Cryptojacking and ransomware are new exploits that join the traditional list of computer threats from botnets, Distributed Denial-of-Service (DDoS), phishing, and malware.

Optiv says that cyber criminals and nation-state hackers are learning from each other and becoming more successful. They also try to spoof each other by adopting similar techniques to confuse investigators.

Earlier this week, Check Point Software Technologies warned that US government agencies are vulnerable to a new collection of attack techniques that have been associated with a Chinese government-backed hacking group.

The Israel-based computer security company said it had monitored attacks on an unnamed East Asian country in which hackers used spear-phishing that was highly targeted at specific government ministries. Over a seven-month period, the hackers kept changing the method of their attacks to try to disguise their origin.

Check Point researchers said the hackers had put a lot of effort into creating documents with useful information in formats that are associated with government documents. Users became infected when they viewed the documents. 

US government agencies are especially vulnerable to this novel attack, warns Check Point.

Crowdstrike issued a report this week that named Chinese nation-state hackers as the most active of any country, and they have attacked the largest number of industries: chemical, gaming, healthcare, hospitality, manufacturing, technology and telecom.

Foremski's Take

The tools and techniques developed by nation-state-backed hacking groups are helping cyber criminals loot hundreds of millions in cash and IP. As governments seek backdoors to security systems and their cyber-security teams develop advanced hacking tools, it is the cyber criminals that benefit the most by exploiting weakened security systems and using the same tools.

An example is the US National Security Agency's EternalBlue hacking tool, which is in the hands of cyber criminals and is being used in ransomware attacks on US cities and government agencies.

The nation-state efforts to develop sophisticated attack software that then leaks into the wild are exacerbating an already dire cyber security threat landscape. The nation-state groups don't appear to be developing any defensive technologies, which means an ever-growing arsenal of advanced attack technologies that cyber criminals can use, adapt and improve.

When governments justify their rights to access secure systems in the name of protecting national interests, they create the means to endanger the very things they seek to protect.