The People's Republic of China is the ‘noisiest threat actor in cyber space’, but the US has conducted the most highly engineered global cyber attacks so far, according to a new report.
The study by security platform provider FireEye aims to help organisations better identify their attackers and defend themselves by detailing the distinctive characteristics of nation-state-driven cyber attacks.
“The list of successful Chinese compromises is long and spans the entire globe,” the report says. “China employs brute-force attacks that are often the most inexpensive way to accomplish its objectives.”
But, the report adds: “Analysts believe that the US has conducted the most highly engineered cyber attacks to date, including Stuxnet, Duqu, Flame and Gauss. This family of malware is unparalleled in its complexity and targeting.”
Europe meanwhile has suffered many attacks without fighting back, according to the study. “No prominent examples have been discovered of the European Union (EU) or the North Atlantic Treaty Organisation (NATO) conducting its own offensive cyber attacks. On the contrary, their leaders have so far foresworn them. But many examples reveal Western European networks getting hacked from other parts of the world, particularly China and Russia.”
The report floats the idea of a global cyber arms treaty, as attacks proliferate: “If world leaders begin to view cyber attacks as more of a liability than an opportunity, they may join a cyber arms control regime or sign a non-aggression pact for cyberspace.”
But the study warns: “Arms control requires the ability to inspect for a prohibited item. Given that a single USB stick can now hold billions of bits of information, verifying would be easier said than done.”
It also highlights the danger of retaliating against attacks without full evidence of who carried them out – a risk that is run by the Joint Cyber Reserve unit, set up by the UK government this week to fight back against cyber attacks.
“Cyber ‘attribution’ – identifying a likely culprit, whether an individual, organisation or nation-state – is notoriously difficult, especially for any single attack. States are often mistakenly identified as non-state actors, and vice versa.”
Professor John Arquilla of the US Naval Postgraduate School agreed. Speaking in the report, he says: “The biggest challenge to deterring, defending against or retaliating for cyber attacks is the problem of correctly identifying the perpetrator. Ballistic missiles come with return addresses. But computer viruses, worms and denial of service attacks often emanate from behind a veil of anonymity. The best chance to pierce this veil comes with the skilful blending of forensic back-hacking techniques with deep knowledge of others' strategic cultures and their geopolitical aims.”
The report, titled "World War C: Understanding nation-state motives behind today's advanced cyber attacks", was published on 30 September.