Cyber attacks have become a serious problem that will only get worse in the future, according to Jonathan L. Darby, deputy chief of NSA’s cybersecurity operations group.
Speaking at a conference sponsored by the State Department’s Overseas Security Advisory Council on Wednesday, Darby referred to the recent cyber attacks against Ukraine’s power grid, malware strikes in Saudi Arabia, the Equifax data breach, and global ransomware attacks as the latest examples.
“I expect the trend lines to continue. We’re going to continue to see attacks all around the world,” Darby stated, adding, “Cyber adversaries today are becoming more sophisticated in how they operate.”
He also noted that “phishing” remains the “tried and true method” for gaining access to people’s information. This is when fraudulent emails seemingly sent from known users actually contain links used by hackers to gain access to target networks.
“And some poor sap clicks on a link that’s embedded in there, and lo and behold that sender, that adversary is in that network,” Darby said. “It’s simple, it’s effective. I’m still astounded that people fall for that, the oldest trick in the book, but it works.”
Once inside a network, foreign nation-state hackers and criminals can steal data or set up conditions for conducting destructive attacks against the networks in the future, such as during a conflict or crisis, according to a report in The Washington Free Beacon.
Cybercriminals trying to steal money is one thing, but Darby explained that four countries pose a grave danger to the United States and other countries:
- North Korea
“Russia [is] very aggressive, showing a display of force in the cyber arena,” said Darby. “China sees cyber as a tool to gain national security advantage and economic advantage.”
He said that Iran is focused on using cyber attacks to react to international events and has shown a tendency toward destructive cyber attacks.
North Korea treats cyber capabilities as a “tool in their arsenal” that is used to react to world events, he said.
“So, the new normal today in cyber is, we’re seeing an increasing frequency of attacks, we’re seeing increasing aggressiveness of these attacks, and increasing disruptive cyber operations,” Darby said.
The NSA calls one new trend “repurposing and weaponizing” cyber capabilities that are in what is termed “the wild.”
“Some adversary may use a particular technique or an exploit … malware to target a particular company or government entity,” said Darby. “Well, another adversary may see that, grab hold of that and say, ‘I want to use that for my purposes and I want to combine it with these other techniques, or malwares, or exploits,’ and really repurpose and combine and use them in ways the originator of that exploit never intended it to be used.”
Another trend in cyber attacks is hackers stealing user credentials—usernames and passwords—to get into networks. The credentials make them appear legitimate and, therefore, undetectable.
Darby wants security officials and administrators to collaborate more in sharing threat data and security practices designed to prevent cyber attacks. But it’s an overwhelming task to take on.
Darby said to prevent being victimized by hackers, network administrators should “harden your networks, endpoints, and services using the best practices that are available out there.”
For more on this story, click the "read more" button below.