Cyberattacks by nation states are becoming more proficient and aggressive, according to a former director of the National Security Agency and former commander of US Cyber Command.
Speaking at the NetDiligence Cyber War Webinar Series, retired Adm. Michael S. Rogers (pictured above), who now sits on the board of CyberCube, said that the breadth of activity by nations including Russia and China had increased following a lull after 2017’s NotPetya ransomware attack, which was allegedly a Russian operation. Rogers said the lines between nation states and criminal gangs were blurring, as some nations employed organized cyber criminals to launch attacks on their behalf.
“We went through a period between about 2011 and 2017 during which nation states increased levels of activity,” Rogers said. “This includes the NotPetya hits in the summer of 2017, probably the largest global event we’ve ever seen. And after that, given its repercussions, there seems to have been a bit of a step back.”
However, Rogers said the December SolarWinds attack and this month’s attack on the Microsoft Exchange were both evidence of increased activity.
“You’re seeing criminal groups share tools, and you’re seeing the lines between nation state and criminal group blur a little bit,” he said. “The Russians in particular often tend to use criminal groups to engage in state-associated activity. This proliferation of tool is creating a challenging environment.”
Rogers also said that the increase in remote work amid the COVID-19 pandemic has had an impact on cybersecurity.
“We’re not all sitting behind a central stack right now. Now we’re dispersed,” he said. “We’ve blurred the lines between what is ‘business infrastructure’ and what is ‘personal infrastructure.’ The bottom line is the attack surface is just proliferated as a result.”