…and vice versa. That should be part of the title too, but it was already quite lengthy. On this episode of The Inner Circle, I am joined by Kevin Livelli, Director of Threat Intelligence at Cylance, to talk about some interesting research and trends in cyber attacks.
There are two recent reports from Cylance that highlight opposite ends of a spectrum, more or less. On the one hand, there seems to be a trend among nation-state attackers to leverage the same open-source and publicly available tools and exploits as run-of-the-mill cybercriminals. On the other hand, cybercriminals are also working off of the nation-state cyber attack playbook and taking steps to make their attacks appear to be state-sponsored.
In either case, the tactics cover up tracks that might lead back to the real attackers, which makes attribution of cyber attacks that much harder. Is the attack really from a known group of cybercriminals, or is it a nation-state that just happens to be using the same tools and techniques? Is that attack really a state-sponsored attack against the infrastructure of another country, or is it just a group of cybercriminals making an effort to appear to be a nation-state?
Livelli also points out that it is not purely about obfuscation or trying to throw cyber investigators off of your scent. In some cases, it is also just a function of using what works. The line between cybercrime syndicate and nation-state cyber attacks is blurred because each group studies the other and identifies what works and what doesn’t. In the end, it’s all part of the same evolution of exploit tools, techniques and processes.