How to Protect Against State Sponsored Hackers

Written by: Francesco Trama | Published on: March 3rd, 2016

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

Cybercrime is a daily occurrence. Everywhere you look, you hear about businesses small and large being hacked. But what, exactly, does this entail? And how can your company guard against it? First, to understand how hacking works, let’s take a look at the three basic types of hackers.

Three Types of Hackers

High School Hackers: These hackers are often high school or college students, with tools, talent and time at their disposal. They’ll probe for information, mainly so that they can leave their mark somewhere to earn bragging rights: “Look, I beat the FBI website and put a webpage of my own up there!” They’ll conduct attacks, often on their schools, as a prank. They’re not out to steal personal information and sell it. They’re mainly just looking to have some fun at the expense of others. They’re still dangerous, but once you’ve gotten rid of them, the main thing that suffers is your organization’s reputation for security.

Hacktivists: These hackers are a bit more organized than the high school hacker. They break into your network to send a message, usually political in nature. They generally consist of a pool of people, rather than just a lone hacker. They’ll attack companies that align with a political issue that they’re working against (e.g. global warming activists hacking an oil company) in order to obtain and reveal sensitive information about their target. This can include financial information, personal emails, home addresses, phone numbers, and more.

State Sponsored Hackers: These are the most dangerous hackers of all. Certain countries have their own division of cyberattackers, specifically for the purpose of espionage. They steal intellectual property from businesses in the U.S. and other countries, and either use it for their own purposes or sell it to the highest bidder. They’re much more organized than Hacktivists and High School Hackers, and, with a government’s resources at their disposal, have all the tools to break down your network security piece by piece and access all of your data.

How State Sponsored Hackers Work

High School Hackers and Hacktivists generally get in, do their job quickly, and get out. State Sponsored Hackers, however, exhibit stamina and patience. Their job is to break into your network and steal data. To that end, they’ll do what they can to earn the trust of people in your organization, infiltrating without detection, in order to chip away gradually at your network security.

One way they do it is through email messages. Everyone knows not to click a link or open an attachment from someone they don’t know. But a State Sponsored Attacker will get to know you first, possibly over the course of months. Then, when an email comes with a link to click, or an attachment to open, you’ll be less on your guard and more willing to see what it is.

Or, they might impersonate someone in your organization, such as a manager or supervisor. Under the guise of someone in charge, they’ll send an email to a team member saying, “Take a look at this document and make sure everything is in order.” You open the document, and the next thing you know, a virus is being installed on your computer. And from there, it can worm its way through the rest of the network, breaking down security measures and ultimately providing a back door to the attackers, so that they can enter your system undetected and take what they want.

Guarding Against State-Sponsored Attacks

State sponsored hackers are better equipped than regular hackers, and have more patience. But they still rely on the same basic tools—i.e. bots. The difference is, they have thousands of those bots at their disposal, coming from all over the world. So how can you stop them? Use a Geo-IP layer.

A Geo-IP layer can filter out IPs based on their country of origin. So if you have a sudden spike in traffic from, say, China, that’s obviously not coming from legitimate customers, you can block all activity from any China-based IP addresses. The same goes for any other location showing unusual activity. The bots are blocked before they can even reach your firewall. A few may slip through the cracks, but they’ll be easier for your network security team to deal with, since they’re not being bombarded with requests.
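As an added illustration (not code from the original article or from any product), the sketch below follows the logic just described: map each source IP to a country, flag a country whose traffic spikes against its usual level, and drop its requests before they reach the firewall. The Geo-IP table, the placeholder country codes, the baseline counts and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed Geo-IP table: documentation-only ranges mapped to placeholder
# country codes. A real deployment would load a maintained Geo-IP database.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
    (ipaddress.ip_network("203.0.113.0/24"), "CC"),
]
UNKNOWN = "??"

def country_of(ip):
    """Return the country code for an IP, or UNKNOWN if no range matches."""
    addr = ipaddress.ip_address(ip)
    for net, code in GEO_TABLE:
        if addr in net:
            return code
    return UNKNOWN

def spiking_countries(baseline, window_ips, factor=5, min_hits=20):
    """Countries whose hits in this window exceed factor x their baseline.

    Unmapped addresses are never flagged, so a gap in the table cannot
    turn into a blanket block."""
    counts = Counter(country_of(ip) for ip in window_ips)
    return {c for c, n in counts.items()
            if c != UNKNOWN and n >= min_hits and n > factor * baseline.get(c, 0)}

def geo_filter(ips, blocked):
    """Drop requests from blocked countries; the rest go on to the firewall."""
    return [ip for ip in ips if country_of(ip) not in blocked]

# Constructed sample: usual request counts per window, by country.
BASELINE = {"AA": 40, "BB": 3, "CC": 10}
# Constructed window: AA and CC near normal, BB suddenly at 60 requests.
WINDOW = ([f"192.0.2.{i}" for i in range(1, 43)]
          + [f"198.51.100.{i}" for i in range(1, 61)]
          + [f"203.0.113.{i}" for i in range(1, 13)])

def demo():
    blocked = spiking_countries(BASELINE, WINDOW)
    return blocked, len(geo_filter(WINDOW, blocked))

if __name__ == "__main__":
    print(demo())
```

Comparing against a per-country baseline, rather than a fixed request count, keeps a country that is always busy from being blocked just for being busy.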

A Geo-IP layer makes it easier to recognize threats to your system and cut them off at the source. This is the most effective way of dealing with State Sponsored Hackers, and ultimately keeping your network secure.