The US National Security Agency (NSA) Director of Cybersecurity Rob Joyce sees two primary adversaries in terms of nation-state cyber-attacks, with Russia and China being particularly active in recent months.
Speaking in a session at the RSA Conference 2022, Joyce outlined the current state of hacking threats as the NSA sees it. The first threat that he sees is Russia, which is currently at war with Ukraine. Joyce said that starting in January of this year, even before Russia moved troops, it was already engaged in widespread cyber-attacks against Ukraine.
“There were at least seven families of wipers deployed into the theater of operations, all of those were intended to defeat or avoid endpoint security,” Joyce said.
Joyce also highlighted the Russian cyber-attack against the Viasat satellite service, which impacted organizations across Europe.
China Continues to be Aggressive
Joyce also detailed how China has become increasingly aggressive with its cyber-attacks against US-based targets. In particular, he highlighted the Hafnium attack against Microsoft Exchange servers in 2021.
In an effort to help protect users, the NSA took additional steps to limit the ability of attackers to further exploit Microsoft Exchange. Joyce said that NSA researchers were able to discover multiple vulnerabilities that were reported to Microsoft and patched before China or any other attacker could exploit them.
“Knowing that the Chinese were focused aggressively on Microsoft Exchange vulnerabilities, we thought it really important that we kind of shake it until vulnerabilities fell out to see what we could close,” Joyce said.
Ransomware Remains an Issue
The NSA also sees ransomware as a threat to national security, especially in light of the Colonial Pipeline and Kaseya supply chain attacks.
Joyce said that the NSA can help protect against ransomware by working together with other government agencies and corporations. The NSA provides foreign intelligence about nation-state actors and it also has technical expertise and insights to enable remediation actions. Joyce warned ominously that those capabilities, when authorized by the government, can be used by US Cyber Command to impose costs on malicious actors.
“We certainly need to keep the pressure on the financial drivers of ransomware activities, figuring out how to keep them from extracting profit,” Joyce said. “We need to ensure that they are not feeling free to operate without significant consequences.”