What’s Motivating Hackers?

January 12, 2017

The highly politicized 2016 cyber attacks on the U.S. feel ever-present in the media, and it’s hard to tell the truth from the spin.

In 2016, we saw two high-profile Russian cyber attacks on the U.S. In June, the Washington Post reported that Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.

The Wall Street Journal in December reported that Russian hackers tried to penetrate the computer networks of the Republican National Committee, using the same techniques that allowed them to infiltrate its Democratic counterpart, according to U.S. officials who have been briefed on the attempted intrusion.

The Rise of State Sponsored Cyber Attacks

Within the last decade we learned that nation states were developing cyber attack capability. However, we thought it was a tool that they had in their arsenal, but were not willing to deploy. Now we see, in many cases, that nation states are the most active adversaries. They’re experimenting with new tools, techniques and ways of influencing U.S. policy through cyber attacks.

We see nation states, some of the top players being Russia and China, moving from traditional malware tools to attacking the human element within an organization, and attacking the supply-chain. So it’s not just the ones and zeros part of an attack that’s sophisticated, it’s also the development of exploitations of other weak points within an enterprise.

In addition, criminal groups are adopting the same tools and techniques, shrinking the gap, in terms of time and quality, between deployment by a nation state and deployment by a criminal group.

What’s Motivating Cyber Attacks?

Let’s look at the top two players. First, while the Russians have been very active hacking information they can use in a broad information campaign, they remain committed to hacking business information that will assist their competitive standing in the world. They are also very interested in collecting military and diplomatic information. They have put significant talent and resources into targeting U.S. government networks to collect the kind of diplomatic information that gives them an advantage in negotiations or strategic decisions as this information enables them to predict U.S. strategic positions and decisions.

For cybersecurity professionals, it is important to know that both nation states are engaged in both types of activity. I think the emphasis for the Russians is on political, diplomatic and military information, and the emphasis for the Chinese is on business information.

The primary objective of Chinese cyber collection capability is to enable their State Owned Enterprises (SOEs) to compete on an economic level. We see a lot of network intrusions that result in exfiltration of intellectual property (IP). That’s a hallmark of Chinese hacking groups, particularly 61398. (In 2014, a federal grand jury in Pennsylvania indicted five people from one of that division’s crews, known as Unit 61398, for stealing trade secrets from companies such as Westinghouse and US Steel; all the defendants remain at large. Source: WIRED.)

Group 61398’s efforts are emblematic of the Chinese hacking initiative. If you review their economic plan, many of their hacking groups are aligned to collect the kind of IP and business technology that will enhance the key activities that they need to grow their economy.

Improved Network Perimeter Defenses

Whether a Russian or a kid in his pajamas in his mom’s basement, breaches can be preventable.

Adversaries continue to get past network perimeter defenses, so more work needs to be done to harden the interior. Cybersecurity professionals need to make it harder for any adversary to operate in sensitive interior segments by deploying basic protections such as robust authentication, segmentation, encryption, and logging.


Leo Taddeo
Chief Security Officer
www.cryptzone.com

Leo Taddeo is the Chief Security Officer (CSO) for Cryptzone, a provider of dynamic, context-aware network, application and content security solutions. Taddeo, former Special Agent in Charge of the Special Operations/Cyber Division of the FBI’s New York Office, is responsible for analyzing the cybersecurity market to help shape Cryptzone’s vision for security solutions. Taddeo provides deep domain insight into the techniques, tactics and procedures used by cybercriminals, to help Cryptzone continue to develop disruptive solutions that enable customers to defend against advanced threats and breaches.

Prior to Cryptzone, Taddeo led more than 400 agents and professional support staff in cyber investigations, surveillance operations, information technology support and crisis management for the FBI. He oversaw high profile cases, including Silk Road, Blackshades and JP Morgan.

Previously, Taddeo served as a Section Chief in the International Operations Division, where he managed FBI operations in Africa, Asia and the Middle East. Taddeo has held various roles of increasing responsibilities in the field, including supervising a joint FBI/New York City Police Department Joint Terrorism Task Force and serving as the Legal Attaché in Rome, Italy.

After receiving his degree in applied physics from Rensselaer Polytechnic Institute in 1987, Taddeo served as a tank officer in the U.S. Marine Corps. In 1991, he was awarded a Purple Heart and Bronze Star Medal for valor for service in the Gulf War. Taddeo then earned a Juris Doctor from St. John’s University and joined the New York law firm of Mound, Cotton & Wollan, where he practiced civil litigation until entering the FBI.

Taddeo is a graduate of the CISO Executive Program at Carnegie Mellon University. He also maintains the Certified Information Systems Security Professional (CISSP) and GIAC Certified Incident Handler certifications.
