He then shared his views on the cyber threat landscape, including nation-states, cyber mercenaries, and incident response. Here are key snippets from his talk.
Top Cyber Quotes by FBI Director Christopher Wray
1. Nation-states are hiring cyber mercenaries:
“Take for example the blended threat where we see Russia—like China, Iran, and sometimes other nation states—essentially hiring cyber criminals, in effect cyber mercenaries.
We see Russian cyber criminals explicitly supporting and taking actions to assist the Russian government, as well as some just taking advantage of the very permissive operating environment that exists in Russia.
In some instances, we also see Russian intelligence officers moonlighting, making money on the side, through cybercrime or using cybercriminal tools to conduct state-sponsored attacks, because they think it gives them some plausible deniability or will hide who's behind it.
So one key question for us today is, when do criminal actors become agents of their host nation? Does money have to change hands, or is publicly pledging support to a foreign government enough?”
2. Russia’s current cyber combat stance:
“We’ve seen the Russian government taking specific preparatory steps towards potential destructive attacks, here and abroad. We’re racing out to potential targets to warn them about the looming threat, giving them technical indicators they can use to protect themselves. And we’re moving rapidly to disrupt Russian activity.”
3. How the FBI approaches advanced persistent threats (APTs):
“When it comes to the threat of destructive attack, the adversary’s access is the problem.
This is something we’ve talked about a lot, but that has acquired heightened resonance lately. Russia has, for years and years, been trying to infiltrate companies to steal information.
In the course of doing so, they’ve gained illicit access to probably thousands of U.S. companies, including critical infrastructure. Just look at the scope of their SolarWinds campaign.
They can use the same accesses they gained for collection and intelligence purposes to do something intentionally destructive. It’s often not much more than a question of desire.
That’s why, when it comes to Russia today, we’re focused on acting as early, as far ‘left of boom,’ as we can against the threat. That is, launching our operations when we see the Russians researching targets, scanning, trying to gain an initial foothold on the network, not when we see them later exhibit behavior that looks potentially destructive.”
4. Nation-state cyber threats, Russia vs. China:
“As broad as Russia’s potential cyber accesses across the country may be, they pale in comparison to China’s.”
5. Iranian hackers targeted sick kids:
“In the summer of 2021, hackers sponsored by the Iranian government tried to conduct one of the most despicable cyberattacks I’ve seen—right here in Boston—when they decided to go after Boston Children’s Hospital.
Let me repeat that, Boston Children’s Hospital.
We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted. And, understanding the urgency of the situation, the cyber squad in our Boston Field Office raced to notify the hospital.
Our folks got the hospital’s team the information they needed to stop the danger right away. We were able to help them ID and then mitigate the threat.
And quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it.”
6. Incident response and cyberattack attribution:
“For victims we’re helping, as we respond to malicious cyber activity in this kinetic, destructive context, we’ve found that speed trumps pretty much everything else. It’s more important for us to get to their doorstep in an hour than it is to tell them whether we’re looking at nation-state cyber activity or cyber criminals.
But it’s also important to keep marching toward more-specific attribution even while we hand off defensive information, before we build the full picture of who’s responsible. Because for the broader government’s response calculations—for us to meaningfully degrade, disrupt, and deter a cyber adversary—we often need to be a lot more specific about who’s responsible.”
7. The future of cyber threats:
“So, it’s clear that our world and our society are not just going back to where we were two-and-a-half years ago. And people are going to continue to take advantage of the connectivity that cyberspace provides.
But, at the same time, the shift of our personal and professional lives even more online has created new vulnerabilities. And malicious cyber actors are going to continue to take advantage of people and networks.
That includes cybercriminals holding data for ransom and nation-states like China stealing defense and industrial secrets.
And lately, that’s included Russia trying to influence what happens in the ground war they started—by threatening attacks against the West in cyberspace.”