There has been a dangerous escalation in the impact of cyberattacks over the last several years attributed to foreign state actors and their proxies. Attacks from these actors are termed Advanced Persistent Threats (APTs): highly competent, well funded and organized actors, with the discipline to conduct cyber attacks requiring months or years laying groundwork for an eventual attack.
APTs were identified over a decade ago, with traditional targets in recent history being government entities and defense subcontractors; notably the United States Office of Personnel Management (OPM)breach attributed to China. Many assumed APTs to be an ‘espionage problem’ (unless of course you were among the >20M government employees whose private information was exfiltrated in this breach), and not a direct threat to private citizens or businesses.
The SONY data breach, attributed to North Korea, was among the first APT breaches where (in addition to physical damage to computer equipment) entertainment media, corporate emails, and operating data were made available to anyone with an internet connection.
The recent ‘hack’ of the Democratic National Committee, attributed to Russian state actors upped-the-ante, by exfiltrating email data, and subsequently made available to the public via an intermediary, Wikileaks. Manipulation of a US presidential election was the presumed objective; an ominous raising-of-the-stakes.
A more recent and disturbing breach is the ‘hack’ and exfiltration of alleged NSA-developed exploit tools. These ‘tools’ are essentially ‘kits’ that can be downloaded and deployed by amateurs with rudimentary computer skills. Although the most recent of which were developed in 2013, they remain very sophisticated and include zero-day exploits (essentially software vulnerabilities unknown even to the authors of the software).These exploits are being offered on the ‘dark web’; some for ‘free’ and others for a nominal investment.
The most frightening aspect is this: NSA-grade exploits were exfiltrated by a foreign power, and made available indiscriminately to criminals or others with malevolent intentions for a price. This is the internet equivalent of equipping amateur thieves with weapons-of-mass-destruction.
These are extraordinary developments that have the potential to equip more criminals with an upgraded capability to wreak havoc.