Cyber attacks sponsored by nation states are less likely to use overt methods, such as web defacements and doxing. Instead, such attacks use more covert attack techniques that reflect greater resources and skills through the use of data breaches and malicious software. They are more likely to target state governments and military entities rather than ideological actors.
So concludes a study led by Thomas Holt of Michigan State University in a special issue on cybercrime in the American Society of Criminology's journal Criminology and Public Policy.
The study analyzed 246 cyberattack incidents reported in the Extremist CyberCrime Database. The authors used an analytical tool called Situational Crime Prevention
Study authors concluded that, "There is a need to better utilize all aspects of government, from legislation to grant funding, in order to deter cyberattacks from continuing into the future."
Nation-state attacks were more likely to involve linked targets, reflecting a greater capacity and access to resources to be able to harm multiple targets at once. This may be a reflection of the professional nature of nation-state-sponsored attackers who may be housed within military or government agencies, such as intelligence services, the study said.
The federal Computer Fraud and Abuse Act (CFAA) has been used by prosecutors to pursue criminal charges against people who have performed cyberattacks with state sponsorship. The lack of extradition relationships with nations like Russia, China, and North Korea makes it difficult to prosecute these cases successfully.
Still, naming offenders helps create an avenue to pressure offending nations publicly, creating informal deterrents to future attacks.
The authors say CFAA contains no language related to the creation, possession, or supplying of malware in furtherance of hacking or other violations.
The say that revising the law to criminalize the production and supply of malware may help reduce its use by both nation-states and criminals. The United Kingdom has enacted such a law.
Revising the CFAA would directly increase the number of charges that could be brought against cybercriminals, regardless of their motives, as long as malware was involved in the course of the offense.
Enhanced laws may also create a perception among offenders that the development of malware increases one's legal risks, decreasing its availability in open markets.
The implementation of common security tools will not stop attacks using unknown vulnerabilities, particularly those used by nation-state attackers, the authors say.
They say, "It is essential that governments revise their protocols around the identification and reporting of previously unidentified vulnerabilities in software and hardware products."
There is a need to expand the cybersecurity workforce across both the public and private sector. At present, there are thousands of vacancies in cybersecurity roles, which make it difficult to fully secure networks from compromise or investigate attacks when they occur.
The study focused solely on incidents affecting the United States, which is a persistent target for all types of cyberattacks. Virtually all other Western industrialized nations experience similar nation-state-sponsored attacks.
Co-authors of the study were Mae Griffith, Noah Turner and Prof. Steven Chermak of Michigan State, Emily Greene-Colozzi of the University of Massachusetts Lowell, and Joshua D. Frelich of John Jay College of Criminal Justice.