10 deadliest differences of state-sponsored attacks
If you believe that protecting against cyberattacks from government agencies requires the same processes as defending against any other threat — well, to some extent, you are right.
Government agencies will happily use easy “script kiddie” tools and well-known exploits to get into your systems to avoid tipping their hand about who they are and what they’re really after. And they have the money to buy and use the most advanced tools used by criminal organizations to get into your payments data.
So protecting against these kinds of common attacks is necessary if you are trying to protect yourself against state-sponsored attackers — but it is not sufficient. There are some key differences about attacks that originate with foreign governments, and ignoring these differences could prove deadly.
1. They’re going after different types of data
Vandals are out to make a loud splash, so they’ll go after public-facing websites, or just randomly disrupt whatever’s within reach. Criminals will go after stuff they can sell.
Foreign nations will hit embassies and government agencies for political information, said Jaime Blasco, director of labs at San Mateo, CA-based AlienVault, Inc.
And they’ll go after private companies, as well — and not just defense contractors, either.
“If specific companies have developed a technology or method to do something, they might steal information to gain that information for competitive advantage for Chinese companies,” he said. And they’ll also go against personal information or business information that would provide them with insights they need to break into more companies.
Blasco was part of the team that took down UglyGorilla, a Chinese hacker who broke into computers at five U.S. Companies including Westinghouse Electric Co. and United States Steel Corp earlier this year and stole trade secrets and other information.