The dynamics of cyber warfare have changed so dramatically that nation-state attacks are now a problem everyone needs to face up to, the former head of the UK’s intelligence agency has warned.
“Five years ago we were aware of nation-state attacks but we would’ve seen them as something that only a nation-state needs to worry about. Today they’re a problem for everybody, as we’ve seen over the last year,” said Robert Hannigan, who served as director general of GCHQ from 2014 to 2017.
Those cyber campaigns blamed on nation-states in the last year include the WannaCry ransomware outbreak – which has been attributed to North Korea – and a Russian government-backed campaign targeting home routers across the west which US and UK authorities warn is designed to conduct espionage and potentially lay the groundwork for future offensive cyber operations.
Hannigan, speaking at the Infosecurity Europe conference in London, said the widening scope of the attacks makes sense when combined with the changing political intent of the nation-states behind them.
“If you look at the classic hostile nation-state cyber attacks, they behave online as they do in the real world and their objectives are really quite consistent,” he said, using the example of North Korean cyber attacks like WannaCry and the theft of $80m from a Bangladeshi bank.
“North Korea needs foreign currency and as the sanctions bite, it needs it more and more. It’s doing all sorts of things in the physical world to steal money; why wouldn’t it do that in the digital world?”
While states ranging from North Korea to China to Iran and more are increasingly engaging in cyber warfare, Hannigan pointed to Russia as one of the most sophisticated threats, with the Kremlin having invested in offensive cyber capabilities in recent years.
But, as demonstrated by the campaign targeting routers, it isn’t just government and industry which are now targets for cyber campaigns – the general public is being impacted as those behind the attacks shift their strategy.
“The repositioning for a cyber attack could go all sorts of ways: it could be about intelligence gathering, it could be about some motive we really don’t understand,” said Hannigan.
“But if your geopolitical intent changes and you want to take risks and don’t mind being found out, and feel like being destructive, that suddenly becomes very dangerous and that’s what has changed over the last few years with Russia,” he added.
Hannigan noted how the sophistication of Russian activity has “always been there” but argued the new focus and strategy of targeting infrastructure used by civilians is a particular cause for concern.
“From switching off domestic power in Ukraine, through to hacks against elections in the US, Germany, and France. It’s a weaponizing of a capability they’ve always had that’s most concerning,” he said, adding: “They’re getting more brazen, they’re getting less worried about being caught”.
However, despite the threat posed by sophisticated state-backed cyber attacks, Hannigan argued that there’s a simple way to avoid “80 to 90 percent of cyber attacks” – doing the basics right.
“Most attacks, even the most sophisticated attacks, are delivered through three things. Not keeping software up to date, poor network-configuration management, and poor credential management,” he said.
“Those three things still dominate most attacks, so it’s still the right thing to do to get those basics right and it’s still possible to prevent the overwhelming bulk of attacks by doing that,” Hannigan added.