6.5 Nation-State Attribution Part 1

00:00

Hello and welcome to the last video from the module attribution.

00:04

This lesson will cover the nation state attribution.

00:08

It is valuable to explore nation state sponsor the hackers because they are generally resource is the best and their collective motivations run across the spectrum.

00:20

Because nation state supported hackers are funded extremely well relative to small groups and individuals,

00:29

they can be particularly formidable adversaries for other countries and for commercial industry.

00:36

In short, nefarious nations, they sponsor it. Cyber activity can have the VA stating effects on a country's nation, A LL security and its economy.

00:48

Let's see together what we will learn in this lesson.

00:51

We will start with an introduction to nation state actors. We will see their modest operandi

00:59

and their motivation.

01:00

We will discover the target's off the state affiliated Attackers, and we will go from defenders perspective to see what are the challenges for detection,

01:11

and how can we mitigate the threat off nation state actors?

01:15

Let's define the nation's state threat Actors.

01:21

A nation state actor has a license to hack.

01:23

They work for a government to distract or compromise target governments, organizations or individuals to gain access to valuable data or intelligence

01:36

and can create incidents that have international significance.

01:41

The word that we need to focus on here is licensed a hack

01:46

because these threat actors might be part off some my hiding cyber army or hackers for hire. For companies that are aligned to the aims off a government, the Nation state actor often has close links to military

02:04

intelligence or state control, the protests off their country

02:08

and off a high degree off technical expertise.

02:14

Alternatively, a nation state actor, recruits may be picked for specific language, social, media or cultural skills to engage in espionage, propaganda or disinformation campaigns.

02:28

A nation state actor will have the resources and capabilities over their government behind them,

02:35

and we'll take instructions from other government employees or members off the armed forces

02:43

when it comes to the target's off a nation State actors,

02:46

these hackers are anchors inkley, targeting government institutions, industrial facilities and many businesses with powerful and sophisticated techniques which interrupts business operations, leak confidential information and can result in massive data

03:05

and revenue loss.

03:07

As today's state sponsored cyber attacks are growing in scale, frequency and sophistication

03:15

and they're sending the motivation and capabilities off these hackers

03:20

is the first step towards employing a risk based approach to mitigate in the most advanced and persistent threats.

03:29

Let's see their motivations.

03:30

State affiliated or sponsored actors often have particular objectives align and with either political, commercial or military interests off their country off origin.

03:45

What actors are often attempting to gain in these attacks is information about their targets or access to their targets through trusted relationships with third party companies.

03:58

Often the sensitive nature off data being held by third Party may not be fully appreciated or the company may not consider itself. But our good offer nation state.

04:10

Therefore, it often doesn't have the level off prevention, detection and response capabilities to prevent nation state attacks.

04:20

A nation state actor is a specialist with a ram it off specific tasks.

04:27

They will be tasked with stealing industrial secrets, disrupting critical national infrastructure

04:32

listeningto policy discussions

04:35

taken down cos that offend their leaders in some way and conducting propaganda or this information campaigns within and outside off their country's borders

04:48

wherever possible.

04:50

State sponsored actors will use standard attack methodologies used by other typical cybercrime actors

04:59

on penetration testers.

05:00

They do so because they work incredibly effectively and want to be generate so they can't be attributed to any particular group.

05:11

These usually involved targeted phishing emails, followed by use off recent known exploits that the victim may not have gotten around to patching. Although the data taken from data britches

05:25

may not always appear on underground markets, what can appear are the tools and guides for how to take advantage off the vulnerabilities that alot to access to the vulnerable systems in the first place.

05:40

As an example,

05:42

researcher publisher, the flow that was used to penetrate Equifax and within 24 hours the information was publish it to hacking websites, and they called it in hacking tool kits when they have a foot halt. These actors often move laterally into shared servers

06:00

on all our systems where they can steal

06:03

privilege. It's credentials. From there, they rarely use much Muller's.

06:09

They stick mostly to use an administrator tools like normal sys admin DS.

06:15

They go to ground in a persistent, long term and relatively quite way much like a parasite. Any decent state sponsored actor is goingto persist in their targets, networks without their knowledge

06:30

or much impact for mouths. Two years before discovery on Lee when a company is highly mature and its security poster

06:40

and is a high value target and generic attacks failed,

06:46

then these actors will resort to using cost the zero day Muller's develop it internally.

06:53

The majority off organizations find out about cyber security attacks because someone else tell them about it. State sponsored actors will really make a lot off noise on dhe, Cho said. Sufficient disruption to warrant suspicion or three year detection.

07:12

Their objectives are to remain persistent, to retain oversight, off communications or access to sensitive data.

07:19

As such, they will also often planned persistence mechanisms on systems throughout victims networks, which may remain in touch it or dormant for years.

07:31

Thes gain remained practically invisible until the victim attempts to extract the actors.