When nation-state attacks are discussed, most people immediately think of those well-known adversaries in North Korea, China, and Russia, but new activity is coming from seemingly benign states such as Lebanon and the Netherlands.
An annual report published by Optiv today, The Cyber Threat Intelligence Estimate (CTIE), analyzed more than 7,000 cybersecurity trouble tickets. According to the report, there has been a dramatic increase in cyber-attack activities coming from countries like the Netherlands and Lebanon.
These lesser-known nation states are using more traditional means of exploits, with combinations of open source and custom-built tools. “They, and other actors like them, will continue to become more disruptive as they refine their tactics,” the report said.
Though it’s difficult to discern the motivation for the increased attack activity, both countries made headlines this year with cyber-attacks.
Lebanon used an Android malware campaign to spy on thousands of people across 20 countries. “One of the more notable groups in 2017 was the Lebanese General Directorate of General Security, or Bld3F6. They were identified as being behind the Dark Caracal attacks in which the group used various techniques to harvest data,” the report said.
Then the Dutch experienced a taste of the limelight when they uncovered the hack of the Democratic National Committee during the 2016 presidential election in the US by penetrating Russia’s Cozy Bear organization.
While China continues to top the charts with its nation-sponsored attack activity, aspects of these lesser-known nation-states give cause for concern. “These groups have shown that the bar for conducting successful operations is not as high as one might think, and that they can hide within the noise of modern day networks for as long as needed,” the report said.
Regardless of their degree of infamy, nation-state attack vectors are expanding to include the use of social media to influence the opinions and actions of large populations. According to the report, “2017 saw the trend of state-sponsored exploits shift from cyber-physical to cyber-social with interference in several elections across Europe. 2018 is showing sharp repercussions for this information warfare with criminal indictments.”
Using cyber-social attacks on European and American elections, Russia showed the relative ease with which it could pull off these cost-effective attacks. Based on its research, Optiv anticipates this class of attack will be exploited by a growing number of nation-states, hacktivists and other groups in the future.