Nation-state actors burrow into critical systems

Dec. 13th – U.S. government officials and cyber security experts are concerned about recent nation-state backed attempts to infiltrate critical infrastructure, including American power, water, and transportation systems.

Cyber criminals who appear to be affiliated with China have wormed their way into computer systems belonging to roughly two dozen critical infrastructure organizations across the past year.

It is believed that the intrusions are part of wider efforts to sow panic, create chaos and snarl logistics in the United States, should a war break out in the Pacific or between the U.S. and China.

State-sponsored hacking

This recent reporting aligns with previous Microsoft reporting on nation-state backed efforts to disrupt U.S.-Asia communication networks, in preparation for a human-engineered crisis.

Targets of these types of activities have included communications, manufacturing, utilities, construction, government, information technology, and education entities.

A joint cyber security advisory from the Five Eyes nations describes the tactics, techniques and procedures that are commonly employed in the aforementioned state-sponsored attacks.

Prevent nation-state threats

Keep nation-state hacks from becoming large-scale breaches. There are several approaches that organizations can take to make themselves more challenging targets for threat actors. For example:

  • Ensure that your organization uses a reputable endpoint security solution on all devices, including mobile devices, to prevent ransomware, spyware and other threats.
  • Ensure that your organization deploys email security solutions that can identify and block social engineering attempts before they reach employees’ inboxes.
  • Ensure that your organization has a patch management system in place. Keeping up with patching ensures that security gaps are closed before hackers can exploit them.
  • Ensure that your organization educates employees about the latest threat types and that employees know how to respond appropriately to suspicious activities, whether digital or physical.

