Rob Joyce, cybersecurity director at the National Security Agency and a previous Wash100 Award winner, said advanced persistent threat actors are using virtual private networks and other widely available commercial tools to evade detection, making it more challenging for the government to attribute cyberattacks, Nextgov reported Wednesday.
“We've seen whole APTs kind of go dark to some of the commercial entities who say 'yeah, I don't see those custom tools from name your favorite threat actor group,' when in reality they're just as active but what they're using now is, you know some of the commercial tools that get them to the same outcomes,” said Joyce. “So it's clouded that space.”
He also cited the challenge of distinguishing between state-sponsored hackers and independent criminal actors especially for countries like China.
“What we often see is there are the commercial elements who by day are supporting those government activities and then by night using some of the same tools, infrastructure and other activities. And I think it's really important China understands how much of a risk that is to them, that these uncontrolled actors are, you know, ambiguously combined with their activities, and that, that's a problem,” Joyce said.
NSA and the Cybersecurity and Infrastructure Security Agency (CISA) issued on Tuesday an information sheet meant to help organizations understand the risks and considerations for selecting a virtual private network. The two agencies also advised organizations to request and verify a product’s software bill of materials and ensure that products use FIPS-validated cryptographic modules, among other recommendations.
ExecutiveBiz, sister site of GovConDaily and part of the Executive Mosaic digital media umbrella, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” event.