How the field of play has changed and why endpoint protection still often comes down to doing the basics, even in the face of increasingly complex threats
The news cycle is awash with coverage of campaigns that have nation-state fingerprints all over them. Now, here at CyberwarCon in Washington, D.C., there’s a deluge of energy surrounding the subject from all corners of the globe.
From information campaigns of all kinds to serious hacking attempts, the new field of play involves big, well‑financed players. Hacking used to be about pranks, money grabs or disgruntled digital natives getting revenge; now it’s about settling national scores.
From a research perspective, it’s still about keeping computer systems safe, regardless of the intended target or the source. And while we don’t get into picking sides, it looks like this trend is rising sharply (the conference doubled in size since last year) and will continue to grow in importance.
From talks about budding, would-be digital forces being stood up by up-and-coming states embroiled in operational growing pains, to the tried-and-true worthy adversaries, the subject is no longer a secret; it’s something the world has to deal with.
It’s interesting to note the extent to which nation states engage in combined campaigns, including disinformation, active hacking, false flags, and A/B testing of new techniques to judge their effectiveness. Defenders, conversely, are having to stand up new techniques to combat the tactics in a sort of cat-and-mouse exercise that promises to span the years to come.
We are here, presenting our recent research on the Dukes family of campaigns, trying to share with the research community the natural evolution of tactics of a family of threat actors that have been adapting techniques to suit their changing targets and dodge detection for years.
Being in D.C. means the lawmaker crowd is also here, trying to grapple with what may be appropriate engagement both tactically and legally, depending on the context. Is it appropriate to strike back kinetically to a pervasive, impactful exploit leveled against your country? While some are ready to quick-launch in retaliation, others take a wait-and-see approach where a certain level of thoughtfulness about appropriate response seems wise. Both approaches will be debated for years.
Meanwhile, it’s interesting to note how many of the super-expensive tactics with the latest tools start by someone clicking on a malicious email. Alarming, actually…
So, protection often comes back to operational security and doing the basics, something we’ve been preaching for years here at WeLiveSecurity. And while we’d like to think we’re making a difference, there’s still a lot of work to do, especially keeping folks safe against increasingly complex threats launched by well-heeled adversaries.