#RSAC: A View from the Front Lines of Cybersecurity

Speaking at RSA Conference 2019, Kevin Mandia, chief executive officer, FireEye, and Sandra Joyce, senior vice-president, global intelligence, FireEye, reflected on the global threat environment in 2018 and its impact on enterprises and agencies around the world.

Opening the discussion, Joyce said that there was some “good news” to report.

FireEye research showed that “dwell times continue to drop globally,” she said. “This is very important, because most incidents that happen actually start with legitimate credentials, so you really need to pay attention to what’s happening post-breach.”

In terms of threats emanating from some notable modern nations in 2018, Joyce said there had been some significant movements in North Korea, Iran, China and Russia.

“APT37 is a North Korean-sponsored group, and what was really interesting in 2018 was that we watched the group target very locally to the Peninsula, but then we saw it evolve over time and become more technically sophisticated to exploit zero-days, target internationally and there was even evidence they had destructive malware. North Korea continues to punch above its weight class.”

In Iran, Joyce explained that the APT39 group “was carrying out national security goals that were really targeted to individuals,” in 2018. The group was targeting the telecommunications industry and the travel industry, and was less focused “on the organization they were targeting and more focused on the actual individuals who were of interest to the Iranian government.”

Regarding China, Joyce said that “China has never really stopped stealing intellectual property” but what was different in 2018 was a change from “commercial IT theft” to a focus on “military and dual-use technologies. One group in particular, APT40, really stood out to us because they have been doing espionage for a long time, but they have been promoting a very international agenda” to uphold the maritime and naval capabilities of China.

Lastly, activities in Russia continued to be very disconcerting, said Joyce, with campaigns targeting safety systems of an ICS plant. “That’s the last step – the safety systems at an ICS facility are the last thing before a risk to human life.”

In terms of what might be coming next, Joyce said: “If things continue the way they are with brazen actions, increasingly destructive attacks with no guard rails, I think people are going to get hurt.”

To conclude, Mandia added that “we are going to need to come up with a [unified] set of rules” to aid in our defenses against global threats, as it’s always harder to defend than attack. “It’ll go a long way for all of us to figure out how we stop the escalation in cyber,” he said. “As we come up with rules for how countries should behave during times of peace” the nations and citizens who don’t/can’t abide by those rules “will end up having drastically different experiences on the internet than those in a more free world.”
