NATION STATES, CYBERCONFLICT AND THE WEB OF PROFIT
The world of Nation State cyberconflict and cyberespionage is covert by nature. Finding evidence of
how such players operate, what tools they use, what motivates them and how they gain supremacy
has always been challenging. Therefore, we are excited to share this study from Dr. Michael McGuire,
Senior Lecturer of Criminology at the University of Surrey in the UK, which shines a light into how the
Nation State cybersphere is evolving.
Over the past year, Nation States have become increasingly bold in their use of cyber capabilities
to bolster sovereign interests – for example, the recent SolarWinds supply chain attack is widely
considered to be the most sophisticated Nation State attack since Stuxnet. There have also been
several brazen attempts to steal intellectual property around Covid-19 vaccine development. This has
brought the issue of Nation State interference out of the shadows and into the limelight, making this
report even more timely.
As Dr. McGuire’s study shows, this escalation in tensions could have easily been foretold. There
has been a steady upwards trajectory in the severity, openness and variety of Nation State cyber
activities over the past twenty years. This has been driven, in part, by the widening use of cyber to
support traditional military and intelligence goals – including surveillance, espionage, disruption and
destruction. Worryingly, the report also highlights that the cyber and physical worlds are now colliding
with potentially disastrous consequences, through cyberattacks against critical infrastructure.
The intersection between Nation States and the cybercrime economy – also known as ‘The Web of
Profit’ – is a particularly interesting development. Nation States are knowingly engaging with this Web
of Profit – buying and trading in tools, data, services, and talent – to further their strategic interests
or ‘keep their hands clean’ of misdeeds by using proxies for cyberattacks. Equally, tools developed
by Nation States are also making their way onto the cyber black market – tools like EternalBlue, the
notorious exploit that was used by the WannaCry hackers in 2017.
In my role as Global Head of Security for Personal Systems, I see three key takeaways from the report:
- The innocent are being caught in the crossfire: Nation State conflict does not exist in a vacuum – businesses and individuals alike are being sucked into its sphere either as direct targets (e.g. research facilities developing vaccines) or as stepping stones to bigger targets (e.g. SolarWinds supply chain hack)
- A cyber-treaty won’t be coming overnight: As a comparatively new area of international relations, there are fewer ‘rules’ and far more grey areas – for example, blurred lines between Advanced Persistent Threat (APT) groups and Nation States. While there is hope we will one day come to an agreement on cyberwarfare and cyberweapons, today there is very little in place that can stem the tide
- The endpoint remains the most common point of infection: Individuals and businesses alike need to protect themselves; the best way to do this is by defending the endpoint. Whether it’s social engineering or phishing being used to infect targets, steal credentials and maintain persistence, the endpoint is the number one point of infection for all breaches.
As the severity, sophistication, scale and scope of Nation State activity continue to increase, we need
to reinvent security to stay ahead. This will require a more robust endpoint security architecture built
on zero trust principles of fine-grained segmentation coupled with least privilege access control. We
are all in the crossfire now, so it’s critical that every business does what it can to protect itself and its