State Sponsored Cyber Attacks and Social Engineering

Although learning about state-based cyber attacks and social engineering may seem like a niche skill, it is actually a skill that we as a nation need in order to defend ourselves in the future.

How do you know it is a state based actor?

OK, we need to look at 2 things: 1) the attack vectors, or the source of the attack, and 2) the type of exploit deployed in the attack. When an attack includes several different attack vectors, that increases complexity. The more complex an attack, the more likely it is that it has come from a nation state. So, for example, you may have social engineering included as an attack vector; these types of activities are generally carried out by nation states with large resources.

Zero Day Threats

My expertise is in zero day threats; these are threats that have not been picked up yet. If you think of a virus checker, it only works when we have a digital signature of the virus, so we need to know about a virus to check for it. Now, when a nation state develops new attack methods, these have no signature. So the question is: how do we protect assets from threats we don't know about? This is where cyber forensics comes into play. If you have multiple zero day threats in one attack, then that has to be a nation state. Little Johnny hacking in his mother's basement doesn't have the resources to do those kinds of attacks. For instance, the Stuxnet worm (my favourite cyber attack) had 4 zero day threats. Only highly advanced nation states could even get anywhere near that level of sophistication.

Social Engineering

Social engineering is the use of psychology and knowledge of the human psyche to engineer a scenario where a payload can be delivered. This is very important, as it's not just the computers that need protecting; the weak link is always the human. So social engineering is used to access closed networks, like nuclear facilities or other high value targets.
