4 hours 42 minutes
Hello and welcome to the last video from the module attribution.
This lesson will cover the nation state attribution.
It is valuable to explore nation state sponsor the hackers because they are generally resource is the best and their collective motivations run across the spectrum.
Because nation state supported hackers are funded extremely well relative to small groups and individuals,
they can be particularly formidable adversaries for other countries and for commercial industry.
In short, nefarious nations, they sponsor it. Cyber activity can have the VA stating effects on a country's nation, A LL security and its economy.
Let's see together what we will learn in this lesson.
We will start with an introduction to nation state actors. We will see their modest operandi
and their motivation.
We will discover the target's off the state affiliated Attackers, and we will go from defenders perspective to see what are the challenges for detection,
and how can we mitigate the threat off nation state actors?
Let's define the nation's state threat Actors.
A nation state actor has a license to hack.
They work for a government to distract or compromise target governments, organizations or individuals to gain access to valuable data or intelligence
and can create incidents that have international significance.
The word that we need to focus on here is licensed a hack
because these threat actors might be part off some my hiding cyber army or hackers for hire. For companies that are aligned to the aims off a government, the Nation state actor often has close links to military
intelligence or state control, the protests off their country
and off a high degree off technical expertise.
Alternatively, a nation state actor, recruits may be picked for specific language, social, media or cultural skills to engage in espionage, propaganda or disinformation campaigns.
A nation state actor will have the resources and capabilities over their government behind them,
and we'll take instructions from other government employees or members off the armed forces
when it comes to the target's off a nation State actors,
these hackers are anchors inkley, targeting government institutions, industrial facilities and many businesses with powerful and sophisticated techniques which interrupts business operations, leak confidential information and can result in massive data
and revenue loss.
As today's state sponsored cyber attacks are growing in scale, frequency and sophistication
and they're sending the motivation and capabilities off these hackers
is the first step towards employing a risk based approach to mitigate in the most advanced and persistent threats.
Let's see their motivations.
State affiliated or sponsored actors often have particular objectives align and with either political, commercial or military interests off their country off origin.
What actors are often attempting to gain in these attacks is information about their targets or access to their targets through trusted relationships with third party companies.
Often the sensitive nature off data being held by third Party may not be fully appreciated or the company may not consider itself. But our good offer nation state.
Therefore, it often doesn't have the level off prevention, detection and response capabilities to prevent nation state attacks.
A nation state actor is a specialist with a ram it off specific tasks.
They will be tasked with stealing industrial secrets, disrupting critical national infrastructure
listeningto policy discussions
taken down cos that offend their leaders in some way and conducting propaganda or this information campaigns within and outside off their country's borders
State sponsored actors will use standard attack methodologies used by other typical cybercrime actors
on penetration testers.
They do so because they work incredibly effectively and want to be generate so they can't be attributed to any particular group.
These usually involved targeted phishing emails, followed by use off recent known exploits that the victim may not have gotten around to patching. Although the data taken from data britches
may not always appear on underground markets, what can appear are the tools and guides for how to take advantage off the vulnerabilities that alot to access to the vulnerable systems in the first place.
As an example,
researcher publisher, the flow that was used to penetrate Equifax and within 24 hours the information was publish it to hacking websites, and they called it in hacking tool kits when they have a foot halt. These actors often move laterally into shared servers
on all our systems where they can steal
privilege. It's credentials. From there, they rarely use much Muller's.
They stick mostly to use an administrator tools like normal sys admin DS.
They go to ground in a persistent, long term and relatively quite way much like a parasite. Any decent state sponsored actor is goingto persist in their targets, networks without their knowledge
or much impact for mouths. Two years before discovery on Lee when a company is highly mature and its security poster
and is a high value target and generic attacks failed,
then these actors will resort to using cost the zero day Muller's develop it internally.
The majority off organizations find out about cyber security attacks because someone else tell them about it. State sponsored actors will really make a lot off noise on dhe, Cho said. Sufficient disruption to warrant suspicion or three year detection.
Their objectives are to remain persistent, to retain oversight, off communications or access to sensitive data.
As such, they will also often planned persistence mechanisms on systems throughout victims networks, which may remain in touch it or dormant for years.
Thes gain remained practically invisible until the victim attempts to extract the actors.
And just as the victim thinks it was successful, the actors will use these to work straight back in and continue operations.