Cybercrime , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime
Intelligence Chiefs Expect More Cyberattacks Against US
China, Russia, Iran and North Korea Pose Increasing Risk, Congress HearsThe top nation-state threats facing the United States are posed by China, Russia, Iran and North Korea, U.S. Director of National Intelligence Dan Coats warned the Senate Intelligence Committee on Tuesday.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
Appearing alongside five of the nation's other top intelligence officials, Coats was first to testify, and he warned that "the big four" countries remain a significant threat to both the U.S. government and private sector. He also said their efforts are "likely to further intensify this year."
In the face of myriad threats, knowing which defenses to prioritize remains challenging because attackers' tactics continue to change, Coats said. But some of the dominant threat vectors he highlighted include cyber operations; online influence operations and election interference; weapons of mass destruction and proliferation; terrorism; counterintelligence; space and transnational organized crime; as well as threats of a more regional nature.
Coats began his threat assessment overview, however, by focusing on election security. He said that after Russia's attempt to interfere in 2016 elections, efforts to safeguard the 2018 midterms were successful despite efforts by "unidentified actors" (see: Redoubling Efforts to Secure Midterm Election).
But he said much more work must be done to safeguard the 2020 elections. "We assess that foreign actors will view the 2020 U.S. elections as an opportunity to advance their interests," Coats said. "We expect them to refine their capabilities and add new tactics as they learn from each other's experiences and efforts in previous elections."
"Not only have the Russians continued to do it in 2018, but we've seen indications that they're continuing to adapt their model, and that other countries are taking a very interested eye in that approach," FBI Director Christopher Wray told the committee.
The U.S. intelligence community's findings, in unclassified form, have been published as part of its latest Worldwide Threat Assessment.
Cyberattacks and Espionage - Top Threats
The intelligence chiefs said that China and Russia pose the biggest risk to U.S. security.
"At present, China and Russia pose the greatest espionage and cyberattack threats, but we anticipate that all our adversaries and strategic competitors will increasingly build and integrate cyber espionage, attack and influence capabilities into their efforts to influence U.S. policies and advance their own national security interests," according to the report.
"In the last decade, our adversaries and strategic competitors have developed and experimented with a growing capability to shape and alter the information and systems on which we rely," it says. "For years, they have conducted cyber espionage to collect intelligence and targeted our critical infrastructure to hold it at risk. They are now becoming more adept at using social media to alter how we think, behave and decide."
Geopolitically speaking, some of America's adversaries have also been aligning. "China and Russia are more aligned than at any point since the mid-1950s, and the relationship is likely to strengthen in the coming year as some of their interests and threat perceptions converge, particularly regarding perceived U.S. unilateralism and interventionism and Western promotion of democratic values and human rights," according to the report.
But Wray said China poses a significant challenge.
"I think China writ large is the most significant counterintelligence threat we face. We have economic espionage investigations, for example - that's just one piece of it - in virtually every one of our 56 field offices," he told the committee (see: Feds Urge Private Sector 'Shields Up' Against Hackers).
The FBI takes the lead on counterintelligence, investigating foreign intelligence operations and espionage. "Beijing will authorize cyber espionage against key U.S. technology sectors when doing so addresses a significant national security or economic goal not achievable through other means," according to the threat report.
Such efforts appear to have been intensifying. Wray says the number of economic espionage investigations concerning China has doubled in the past three to four years (see: Chinese Cyber Threat: NSA Confirms Attacks Have Escalated).
"The Chinese counterintelligence threat is more deep, more diverse, more vexing, more challenging, more comprehensive and more concerning than any counterintelligence threat I can think of," Wray said.
Meanwhile, a number of political events due to happen this year, including Brexit, could also complicate efforts by the U.S. and its allies to repel attacks and operations being run by China and Russia.
"The United Kingdom's scheduled exit from the EU on 29 March 2019, European Parliament elections in late May, and the subsequent turnover in EU institutional leadership will limit the ability of EU and national leaders to contend with increased Russian and Chinese efforts to divide them from one another and from the United States," the report says.
Iran's Cyber Threat
The intelligence chiefs also say that online espionage and cyberattacks emanating from Iran remain a significant threat (see: Google Suspends YouTube Accounts, Content Linked to Iran).
"Iran uses increasingly sophisticated cyber techniques to conduct espionage; it is also attempting to deploy cyberattack capabilities that would enable attacks against critical infrastructure in the United States and allied countries," the report says. "Tehran also uses social media platforms to target U.S. and allied audiences."
North Korea Targets Banks
The threat assessment notes that cash-strapped North Korea poses cyberattack, cyber espionage as well as financial services threats (see: North Korean Hackers Tied to $100 Million in SWIFT Fraud).
"North Korea continues to use cyber capabilities to steal from financial institutions to generate revenue," it says. "Pyongyang's cybercrime operations include attempts to steal more than $1.1 billion from financial institutions across the world - including a successful cyber heist of an estimated $81 million from the New York Federal Reserve account of Bangladesh's central bank."
Tools Complicate Attribution
Online attacks by nation-states as well as others - including criminal groups - have been aided by the increased availability of powerful open source and commercially available attack tools, the report warns, noting that the use of such tools has made it more difficult to accurate attribute cyberattacks (see: Cybercrime Groups and Nation-State Attackers Blur Together).
"The use of these tools increases the risk of misattributions and misdirected responses by both governments and the private sector," the report says (see: Stop the Presses: Don't Rush Tribune Ransomware Attribution).
Assessment Reveals Gap With Trump
The Tuesday testimony by the nation's intelligence chiefs is also notable because many of the threats they highlighted appear to stand in opposition to many of President Donald Trump's foreign and domestic security policies.
The president often highlights the national security threat posed by the country's southern border. He has also declared that the militant Islamic State group has been defeated and that North Korea no longer poses a nuclear threat - while Iran does. And he has continued to question whether Russia interfered in the U.S. political sphere (see: How Trump Talks About Russian Hacking).
The intelligence chiefs' testimony, however, appeared to directly rebut each of those assertions. They warned that Islamic State could easily regroup, that North Korea is continuing to develop nuclear weapons - while Iran is not, and they said not only Russia but now other countries are refining their tactics for interfering in the United States' and allies' democratic processes.