Next wave of security attacks to target governments
State-sponsored espionage will power the “third wave” of hacking and security threats, according to a report from security firm Sophos.
The company’s mid-year Security Threat Report found that security experts were remarkably matter-of-fact about the likelihood of state-sponsored web-based espionage and sabotage, with 7% of respondents believing it was acceptable for governments to launch crippling denial of service attacks against another country’s communication or financial websites during peace time.
There’s a third wave of attacks that appear to be written with the express purpose of breaking into specific government departments
“The first round of computer hacking and cyber crime was driven by hobbyists, then, where we are now, is the hacking for financial gain,” said Graham Cluley, senior technology consultant at Sophos. “But there’s a third wave of attacks that appear to be written with the express purpose of breaking into specific government departments or key companies within foreign governments.”
“They are certainly increasing and we have seen plenty in the last year, but it’s hard to prove that they are state sponsored because they could also be driven by political activists, but it would be naive to think that countries wouldn’t be doing this,” he added.
The report cited several recent cases of state involvement in cyber disruption, and measures to protect against it, including India imposing strict controls on telecom equipment made in China due to fears that hardware could be compromised with data-stealing components or software.
The report also highlighted the UK’s intention to form its own equivalent of the US Cyber Command, to be known as the Office for Cyber Security, and the fact that the government has refused to deny that it attacks other countries in cyberspace.
What surprised Sophos most about the research – which surveyed 1,000 security professionals on its website – was the attitude of acceptance among respondents, who are normally vocal in their criticism of any form of hacking.
“These are people that work in and understand security and are normally miffed about any sort of security threat, so their attitude was a real surprise,” said Cluley.
Yet 23% of respondents thought it was acceptable to spy on foreign powers during peace time, with a further 40% feeling internet spying or disruption was fine, but only during war time.
However, respondents were less relaxed about spying on foreign companies for economic gain; only 9% of security pros thought this was fair game in peace time, a figure that surged to 68% during a conflict.