DarkMatter, Quantum and APT Groups
The threat of nation-state cyberattacks has garnered significant media attention over the past year. Early in 2019, we saw the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issue an emergency directive warning about the nation-state advanced persistent threat (APT) called Sea Turtle, which took advantage of a DNS security weakness. Then, Firefox denied DarkMatter Root CA status based on alleged international cyber espionage activities.
As quantum computing came closer to reality, Venafi speculated about how quantum cryptography can give governments an edge against nation-state attacks, as well as about the geopolitical implications of quantum computers hijacking machines.
Later in the year, we saw an NSA warning of advanced persistent threat (APT) groups exploiting vulnerabilities in a few popular VPN services for cyber warfare. And early in 2020, the U.S. CISA issued another rare emergency directive about a major cryptographic flaw in Microsoft Windows that was discovered by the National Security Administration (NSA). Plus, after a drone targeted Iranian military leader Qassem Suleimani, we warned businesses to prepare for retaliatory Iranian cyberwarfare.
And most recently, we learned that the U.S. Central Intelligence Agency (CIA) actually owned Crypto AG, a company trusted by government agencies and other public sector entities worldwide, and had used the company’s cryptographic offerings to acquire highly sensitive and often classified data on foreign governments across continents.
Are We In A Permanent State of Cyber War?
Given the constant flow of coverage of nation-state attacks, we here at Venafi began to wonder if we have entered an era of permanent cyber war. So at RSA Conference 2020, we polled 485 IT security professionals to learn their opinions on the seriousness of our current state of cyber warfare. According to our survey, 88% of security professionals believe the world is in a permanent state of cyber war, with 90% concerned that digital infrastructure will suffer the most damage as a result.
While these results are notably high, they are not entirely surprising—especially given the perceived uptick in the nation-state attack surface. “Security professionals are under constant siege from very sophisticated threat actors targeting government, military and private organizations,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks.”
The Most Vulnerable Asset?
According to respondents, the most vulnerable industries are those that are undergoing rapid digital transformation and are essential to daily life.
- 60% of respondents say power, water, healthcare and transportation are equally vulnerable to a cyberattack that causes physical damage.
- 19% thought that power was most vulnerable, followed by healthcare (12%) and transportation and water (tied at 5%).
“The sophisticated cyberattacks that are the hallmark of nation state attacks often target digital keys and certificates that serve as machine identities. These critical security assets are often poorly managed and provide attackers with the ability to hide in encrypted traffic, pivot across networks and eavesdrop on sensitive data,” warns Bocek. “Any organization that isn’t managing machine identities at least as well as they protect usernames and passwords is at greater risk of becoming a victim of a cyberattack. And, unfortunately, these risks are unlikely to change in the near term because most organizations are just beginning to understand these risks.”
Is your organization prepared to defend your machine identities against cyber warfare?