- In 2019, there was a 42% increase in cyberattacks attributed to foreign governments, according to a Radware survey of more than 560 employees from international companies. Cyberattacks tied to cyberwar, or geopolitical conflict, increased from 19% in 2018 to 27%.
- One-fifth of businesses reported daily attacks last year, mainly in the education, retail, and banking and financial services industries. Only 6% of respondents said they didn't experience a cyberattack last year. Of those aware of a cyberattack, 13% don't know the aftermath on the business's bottom line.
- Nation-state hackers breached two U.S. municipalities last year, according to an FBI announcement sent to industry partners last week, reported by ZDNet. The hackers leveraged a flaw in Microsoft SharePoint servers to steal data. They also left webshells for continued "backdoor persistent access."
Municipalities were easy targets for hacker groups. Organizations in the public and private sector are facing decreased security budgets and an abysmal talent pool; there are only six hires for every 10 open cybersecurity positions.
This month, the Department of Homeland Security issued proactive guidance for the private sector amid tensions with Iran. Cyberattacks are in the toolkit of Iranian nation-state actors, which includes espionage, surveillance, malware and disinformation campaigns.
Constantly scouting for weaknesses in infrastructure, nation-state actors could be lying dormant in systems. But attack attribution remains tricky.
Existing tools for identifying attackers are unreliable. There are also federal protocols for when the attackers could be a foreign government.
"Hack back" bills have floated around in Congress, but there's always industry resistance. Most recently, the Active Cyber Defense Certainty Act — which is still waiting in committee — suggests the use of beacons to track the origins of a cyberattack.
Beacons act like the dye packs used in banks for stolen cash. Critics warn the bill doesn't outline when or under what circumstances companies should use an offensive cyber measure. Private sector cyberattack retaliation could unintentionally escalate existing tensions.