2000 M Street NW, Suite 500 Washington, D.C. 20036 Phone: 202.601.1222 Email: NCI@Excelsior.org Fax: 202.370.9558 WWW.NATIONALCYBERSECURITYINSTITUTE.ORG Cybersecurity Attacks by Nation States Cybersecurity attacks by nation states are steadily on the rise. It is also one of the hardest things to attribute towards just one single state actor. There are many avenues of forensic analytics that must be completed prior to accepting one certain nation state as attribution. The information falls under the same rule found in the intelligence community. Trust but Verify Made famous by the former U.S. president Ronald Reagan back in the early, 1980s. Cyber-attacks by nation states are currently being deterred by various counter measures and technical techniques. One is through cybersecurity threat intelligence and information sharing. If an organization is hit and warns other organizations they share data with, other organizations can prepare their signatures and intrusion prevention devices or scan and monitor their systems to see if they were breached as well. Often, nation state cyber-attacks are very sophisticated and complex. Other tools and human analysis will be needed to detect and deter such actions on organizations. Now that you know a little history and background on cybersecurity and how a nation state can affect other countries. Lets explore another case study. Jamies university was very well diversified in cyber technologies and its implementation. Students and professors nationalities, ethnic, and cultural backgrounds were also varied. Professors names were various in nature, such as Jamies security lab professor, Dr. Wang. Dr. Wang, always traveled back and forth every other week to his homeland located in East Asia. He would check in every now and then there with his various past classmates and colleagues. Many of them were associated with the government. The government that Dr. Wang worked for was a well established and known Advanced Persistent Threat actor. Dr. Wang was serving as an eminent scholar and visiting professor to Jamies American University. Dr. Wang was very well educated in various and vast techniques of cyber exploitation. He would often work alongside his East Asian colleagues on various projects. Dr. Wang knew that students in his class were involved in U.S. government endeavors. There were numerous sources of eligible targets for his government. Dr. Wang, after all, was the prime instructor for his countrys university of trained cyber armies. Dr. Wang exclaimed to himself, These American students are extremely arrogant. Then, he shouted to his trained cyber units, We will bring the American cyber systems down and their economic wealth down along with it! Dr. Wang, immediately went to work developing his latest (RAT) a Remote Access Trojan malware, which could easily and remotely be controlled by his command and control servers located in his major metropolitan location in East Asia. He thought he would just include the URL for the download in the students lab assignment packets and evenly distribute spear phishing emails. He could then transform the American students computer laptops into a botnet that could be controlled remotely by his cyber army using the implanted RAT. Dr. Wang was able to collect the numerous IPs from his students laptops, desktops and mobile systems through the open network that existed on campus. He then loaded the IPs to exploit and distribute the malware across the classroom. He used his very controlled classroom environment for the implementation of a well design attack. All intellectual and proprietary data the students had access to, was immediately compiled, condensed and packaged into convertible and transportable files that could be easily ex-filtrated from Dr. Wangs command and control servers. Dr. Wang thought again to himself, Surely his East Asian country will benefit economically from him and his trained cyber armys efforts and contribution! Case Study III Questions: 1. How were systems infected? 2. What is an APT threat actor? 3. Who is in this case the nation state benefactor? 4. What type of data was being ex-filtrated? 5. What is a RAT? 6. How can a RAT be implemented and used?

Case Study III Questions:

1. How were systems infected?

2. What is an APT threat actor?

3. Who is in this case the nation state benefactor?

4. What type of data was being ex-filtrated? 5. What is a RAT? 6. How can a RAT be implemented and used?