FireEye reveals cyber attack characteristics

New report outlines motives behind advanced cyber attacks

Tags: FireEye ( Arab Emirates
  • E-Mail
FireEye reveals cyber attack characteristics According to Kenneth Geers, senior global threat analyst, FireEye, cyber weapons are being used as an advantage in real-world conflict.
By  Georgina Enzer Published  September 30, 2013

Cyber crime experts FireEye have released a report called "World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks", which describes the unique international and local characteristics of cyber attack campaigns waged by governments worldwide.

"Cyber weapons are being used as an advantage in real-world conflict," said Kenneth Geers, senior global threat analyst, FireEye. "Regions have their own set of cyber weapons, which they will use to their advantage when it comes to a conflict or to help their allies. The world is at cyber war with attacks in every direction and location. Cyber shots are fired in peacetime for immediate geopolitical ends, as well as to prepare for possible future kinetic attacks. Since attacks are localised and idiosyncratic-understanding the geopolitics of each region can aid in cyber defence."

Cyber attacks have already proven themselves as a low-cost, high-payoff way to defend national sovereignty and to project national power. The key characteristics for some of the regions include:

Asia Pacific: Home to large, bureaucratic hacker groups, such as the Comment Crew who pursues targets in high-frequency, brute-force attacks.

Russia/Eastern Europe: These cyber attacks are more technically advanced and highly effective at evading detection.

Middle East: These cybercriminals are dynamic, often using creativity, deception, and social engineering to trick users into compromising their own computers.

United States: The most complex, targeted, and rigorously engineered cyber attack campaigns to date. 

In addition, the report speculates factors that could change the world's cyber security landscape in the near- to medium-term, including: Outage of national critical infrastructure that is devastating enough to force threat actors to rethink the power of cyber attacks; A cyber arms treaty could stem the use of cyber attacks; Privacy concerns from the PRISM could restrain government-sponsored cyber attacks in the US and globally; New actors on the cyber stage, most notably-Brazil, Poland, and Taiwan; and increased focus on developing evasion methods that bypass detection.

"A cyber attack, viewed outside of its geopolitical context, allows very little legal maneuvering room for the defending state," Prof. Thomas Wingfield of the Marshall Centre. "False flag operations and the very nature of the Internet make tactical attribution a losing game. However, strategic attribution - fusing all sources of intelligence on a potential threat - allows a much higher level of confidence and more options for the decision maker. And strategic attribution begins and ends with geopolitical analysis."

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code