Cyberwarfare has been heating up across the globe for years, but a U.S. leader just said it's become more prevalent than ever.
Nation-states are growing more bold in actions, attacking critical infrastructure and private organizations at an unprecedented rate.
China and Russia continue to disregard warnings from the United States, even after NATO alliances announced cyberattacks could be met with a physical response. And the European Union (EU) called out Russia for its "unacceptable" hacking campaigns targeting nation-states and politicians.
Now, Rob Joyce, Director of Cybersecurity at the National Security Agency (NSA), says that most countries have a program for exploiting cyber vulnerabilities with a focus on espionage and intelligence gathering.
It's another development in the constantly evolving cyber threatscape.
Nation-states exploit cyber vulnerabilities
Joyce recently spoke at the Aspen Cyber Summit to share his perspective on what is happening around the world in cybersecurity. He said that while there is a focus on the "big four" bad actors—China, Russia, Iran, and North Korea— they are not the only ones weaponizing technology:
"Almost every nation in the world now has a cyber exploitation program. The vast majority of those are used for espionage and intelligence purposes. There is interest in dabbling in offensive cyber and outcomes."
He told attendees that even some small nations have advanced their cyber capabilities, though these are typically confined by limited resources.
On the opposite end of the spectrum, China has become a major concern for Joyce:
"The amount of Chinese cyber actors dwarfs the rest of the globe combined."
Although not as big as China, Russia still poses significant risk to the U.S. Joyce says Russia focuses on being disruptive in a way the U.S. cannot tolerate, such as the Colonial Pipeline and JBS Foods incidents:
"We've seen evidence of pre-positioning against U.S. critical infrastructure."
Malicious cyber actions by nation-states are clearly something to be concerned over, but another thing that organizations and agencies must consider is organized cybercrime gangs.
Transnational cybercrime operators
Sometimes the line between these gangs and nation-states is blurry, like we have seen with Russian-based gang REvil, which literally stands for Russian Evil. But these groups can cause just as much damage as a country could.
Jeremy Sheridan, Assistant Director of the United States Secret Service, spoke at a recent SecureWorld virtual conference about cybercriminal sophistication and coordination:
"What's at stake, beyond direct consequence, is a continued system sophistication of transnational organized crime groups. I think that relates to a lot of the challenges we're seeing and the most successful ransomware actors that we're battling.
It is their ability to continue to grow and become more proficient. And I don't necessarily mean that in a technological sense, although that's certainly part of it.
But our biggest challenges are against the Bill Gates and the Steve Jobs of these transnational organized groups."
He continues to discuss why these groups are so effective:
"They're highly organized, they are very proficient in a leadership capacity. And this is what's at stake. It is their ability to continue to get better at those skills. I think also what's at stake is greater anonymization.
We're starting to see that in more complex means to commit these crimes through digital money platforms, more complex privacy coins, more involvement in darknet market operations that ransomware profits facilitate.
The cybercriminals use the proceeds from ransomware crimes for a host of other really pernicious destructive and damaging criminal activities, everything from drugs to child exploitation. That's what's at stake: a greater facilitation of other criminal behavior."
[RELATED] Listen to SecureWorld's Fireside Chat on "Ransomware as an Evolution of Cybercrime" with Jeremy Sheridan, Assistant Director of the U.S. Secret Service:
[RESOURCE] Register for SecureWorld's online training course, Developing a Comprehensive Ransomware Plan, taught CISO Larry Wilson.