Cyber-attacks tend to have a trickle-down effect via a pyramid structure, with the top slot often occupied not by the cliched men in hoodies but by state intelligence organisations, observed F-Secure CEO Samu Konttinen.
"On the top of the pyramid you have the most advanced attackers, with the most advanced attacking tools and technologies. Very often they are surveillance intelligence organisations of some nations," he told a group of reporters at the F-Secure headquarters in Helsinki, Finland.
His statement is informed by F-Secure’s large and continuous analysis of cyber-crime activities. More than seven billion events, one million suspicious URLs and half a million new malware samples go through F-Secure’s scans daily.
Although direct attribution of attacks is often difficult, the analysts have a good idea about the perpetrators, Konttinen said. Often, the indicators point to the top of the pyramid.
"Actors in some of the bigger countries have unlimited resources. They can spend hundreds of millions, even billions, to create cyber-warfare weapons. The challenge is that these techniques and technologies don't stay in their hands. They very often leak into the hands of who you could call normal cyber-criminals. And then suddenly you have criminal groups equipped with tools that were developed by these nations," he explained.
The cycle has been going on since the time state-backed advanced persistent threat groups realised the potential of cyber-warfare.
Operation Aurora, a series of cyber-attacks by APTs backed by the People's Liberation Army of China, began in mid-2009 and continued through December 2009. It was first publicly disclosed by Google in January 2010.
Four days after the disclosure, the code used was available worldwide. Within 18 months, 5,800 attacks were launched using it. Unlike physical attack tactics that lost their potency as time progressed, the code was used and improved again and again as more and more people got hold of it.
"When you drop a bomb, the victim cannot reconstitute all those pieces and send it back to you. But with a digital weapon, you are sending the blueprint of the attack, which the recipient can reverse engineer and design a weapon that comes back to you," said Kim Zetter, the author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon.
Speaking at Cyber Security Nordic in Helsinki, the veteran cyber-security journalist detailed how the Stuxnet virus attack, reported to be launched by the US and Israel, sabotaged Iran’s nuclear efforts.
"Stuxnet started spreading rapidly throughout Iran initially, and then it started showing up in Australia, in the US, in Europe… This is a worm that is still spreading today. As long as there is a vulnerable system on the network it will continue to spread," she said.