Security news that informs and inspires

Foreign Cyberattacks ‘Getting Worse Not Better’

By

Attacks by state-sponsored groups against government agencies and companies in the United States have reached the level of “crisis” and is continuing to get worse, with China playing the lead role, legislators and top law enforcement officials say.

In a hearing Wednesday to address threats to the U.S., members of the Senate Committee on Homeland Security and Government Affairs expressed serious concerns about the continued attacks by government-backed groups against both public and private organizations. Officials from the FBI, Office of the Director of National Intelligence, and Department of Homeland Security, who testified at the hearing said that while all of the major political adversaries to the U.S. are actively engaged in cyber attacks on American organizations, groups affiliated with the Chinese government have emerged as the main threat.

“I think China represents the broadest, most complicated, and most long term counterintelligence threat we face. China is fighting tomorrow’s fight today, and the day after that and the day after that,” FBI Director Christopher Wray said during the hearing. “Certainly it’s a very serious threat.”

State-sponsored attack groups conduct a variety of different operations, depending upon their affiliation, motivation, and tasking. They can range from economic espionage to critical infrastructure attacks to ransomware to disruptive network attacks. These attack teams often are affiliated with foreign intelligence services or military branches and typically have a high level of technical sophistication and advanced tools at their disposal. While these groups often will target government agencies and organizations affiliated with defense or other government functions, they also will go after private enterprises and specific individuals, depending on their mission at the time.

“This is a crisis and it’s getting worse, not better. Those state actors tend to line up exactly with our adversaries,” said Sen. Rob Portman (R-Ohio).

“China is bringing everything they have to bear. They’re playing the long game."

Those adversaries, Wray said, are mainly Russia, North Korea, and China, and while much of the media and political attention has focused on Russian cyber attacks, Wray and the other witnesses said Chinese attack groups have continued to be the most active and persistent threat to U.S. organizations.

“China is bringing everything they have to bear. They’re playing the long game. We do see them as very active in the cyber space,” said DHS Secretary Kirstjen Nielsen.

In her prepared testimony, Nielsen warned that dozens of countries have the capability to run sophisticated cyber attack operations, and said that targets are not limited to government or critical systems.

“Foreign adversaries are working to build the capabilities to attack financial systems, knock out critical services, take down vital networks, and lock down or alter data—calling into question its availability and integrity. Such attacks can spread well beyond their intended targets and have unforeseeable, cascading consequences,” Nielsen said in her testimony.

“More than 30 nation-states now have cyber-attack capabilities, and sophisticated digital toolkits are spreading rapidly. Virtually everyone and everything is a target, including individuals, industries, infrastructure, institutions, and our international interests.”

Asked about recent reports of sophisticated hardware-based attacks that compromised boards placed in servers shipped from China, Nielsen said supply chain security is among the higher priorities for DHS cyber security groups.

“It’s a particularly pernicious threat because it’s very difficult for any entity to understand every component of any device they purchase,” she said. “We’re working very closely with the private sector to help break down the supply chain and we provide them intelligence on what companies could possibly pose a [supply chain] threat.”