FBI Director Christopher Wray shared his views on the cyber threat landscape. It includes nation-states, cyber mercenaries, and incident response. Here are key excerpts from his talk.
Top Cyber Quotes by FBI Director Christopher Wray
1. Nation-states are hiring cyber mercenaries:
“Take the combined threat in which we see Russia, such as China, Iran, and sometimes other nation-states. They are hiring cybercriminals, in effect cyber mercenaries.
We see Russian cybercriminals supporting and taking steps to help the Russian government. They are taking advantage of the permissive operating environment that exists in Russia.
In some cases, we also see Russian intelligence officers moonlit. They are making money aside, through cybercrime or by using cybercriminal tools. cybercriminal tools, to carry out state-sponsored attacks. They think it gives them plausible deniability or will hide who is behind it.
So a key question for us today is, when do criminal actors become agents of their host nation? Does the money have to change hands, or is it enough to pledge support in public to a foreign government?”
2. Russia’s current cyber combat stance:
“We have seen the Russian government take measures towards possible destructive attacks. These attacks took place, here and abroad. We are racing towards potential targets to warn them of the threat ahead. We are giving them technical indicators that they can use to protect themselves. And we are moving quickly to disrupt Russian activity.”
3. How the FBI approaches advanced persistent threats (APTs):
“When it comes to the threat of a destructive attack, adversary access is the problem.
This is something we’ve talked about a lot, but it’s acquired greater resonance lately. Russia has been trying to infiltrate companies to steal information for years.
In the course of doing so, they have gained illicit access to likely thousands of U.S. companies. It also includes critical infrastructure. look at the scope of their SolarWinds campaign.
They can use the same accesses they gained for collection and intelligence purposes. Intelligence purposes, are to do something destructive. It is often not much more than a matter of desire.
That is why, when it comes to Russia today, we focus on acting as soon as “to the left of the boom,” as we can against the threat. That is, launching our operations when we see the Russians investigating targets. Targets, which is scanning, and trying to gain an initial foothold on the network. not when we see them later exhibiting behavior that seems destructive.”
4. Nation-state cyber threats, Russia vs. China:
“As broad as Russia’s potential cyber accesses across the country, they pale in comparison to China’s.”
5. Iranian hackers targeted sick kids:
“In the summer of 2021, Iranian government-sponsored hackers attempted. Attempt to carry out one of the most despicable cyberattacks. I’ve ever seen, right here in Boston, when they decided to go after Boston Children’s Hospital.
Let me repeat, Boston Children’s Hospital.
We received a report from one of our intelligence partners indicating that Boston Children’s was about to be attacked. And, understanding the urgency of the situation, the cyber squad in our Boston Field Office rushed to notify the hospital.
Our people gave the hospital team the information they needed to stop the danger immediately. We were able to help them identify and then mitigate the threat.
And the swift actions of everyone involved, especially in the hospital, protected both the network and the sick children who depend on it.”
6. Incident response and cyberattack attribution:
“For victims, we are helping as we respond to malicious cyber activity in this kinetic and destructive context. we have found that speed outperforms almost everything else. It’s more important for us to get to your door in an hour than to tell them if we’re seeing nation-state cyber activity or cybercriminals.
But it’s also important to keep marching toward more specific attribution. Even as we deliver defensive information, before building the whole picture of who is responsible. Because for government response calculations in general, for us to significantly degrade, disrupt, and deter a cyber-adversary. We often need to be much more specific about who is responsible.”
7. The future of cyber threats:
“So it’s clear that our world and our society aren’t just going back to where we were two and a half years ago. And people are going to continue to take advantage of the connectivity that cyberspace provides.
But at the same time, changing our personal and professional lives even more online has created new vulnerabilities. And malicious cyber actors are going to continue to take advantage of people and networks.
That includes cybercriminals who have data to ransom and nation-states like China who steal industrial and defense secrets.
And lately, that has included Russia trying to influence what happens in the ground war they started, threatening attacks on the West in cyberspace.”
Stay Tuned with Us: