It's getting harder to differentiate cyber criminals from state-sponsored hackers

© Flickr / cc licence / Visual Content

  • Cyberspace is an increasingly hostile environment
  • Both criminal hacking sectors now impersonating one another 
  • Emergence of "hybrid threat actors" a worrying development
  • Multiple online identities and other cyber disguises

In the ultimate dystopian novel, George Orwell's "1984", there is a chilling sentence towards the end of the book which reads, "The creatures outside looked from pig to man, and from man to pig, and from pig to man again; but already it was impossible to say which was which."

Well, that is now true of your common-or-garden cyber criminal and coteries of nation state hackers. Increasingly they are impersonating one another to hide their tracks and avoid detection even as they continue to refine and hone their attack techniques. They adopt multiple online identities and other cyber disguises. It does not bode well.

The 2019 edition of the "Cyber Threat Intelligence Estimate", from security solutions integrator Optiv Security of Denver, Colorado, says cyber-criminals and nation-state owned or sponsored hackers are learning from one another and getting better and better at what they do as they adopt similar methodologies, spoof each other's attack plans and lay down false trails to confuse investigators.

As the Optiv report says, “Sometimes threat actors may masquerade as a certain type in order to hide their true agenda. Or, threat actors may belong to two or more classes, switching between them as their priorities change.” The report also finds that many vertical industries are still open to ever-evolving cyber threats.

While enterprises and organisations increasingly understand that cyber-security is vital to their success, the issue is seldom at the top of the corporate agenda even though just one, brief, successful cyber-incursion could bring a business to its knees. As Anthony Diaz, VP and general manager of cyber operations at Optiv says, "Cyber security can be an existential threat for organisations."

The report finds that retail, healthcare, government, and financial institutions continue to be among the verticals most targeted by cyber attacks and that the attackers are getting more sophisticated as "hybrid threat actors" (those that pretend to be of a different threat classification to conceal their real identities) start to proliferate.

Old established attack methodologies (botnets, DDoS attacks, malware and phishing) remain persistent threats but ransomware and "cryptojacking" are among the new range of weapons in the hackers' armoury. (Cryptojacking is the secret and unauthorised hijacking and use of someone else's computer to mine cryptocurrencies, and is a growing scourge.)

The uncomfortable fact is that cyberspace is becoming more and more hostile, hackers are more sophisticated than ever and hybrid threat actors are getting better at countering detection systems and thus no vertical is immune from attack.

The new Optiv report lists several best practice recommendations including the use of multi-factor authentication whenever possible and the conducting of regular audits of all vendors and other third-party assets and getting rid of the ones that aren't used any more.

The report also says that organisations should be proactive rather than reactive in their approach to cyber security. Where cyberspace is concerned, shutting the stable door once the horse has bolted is pointless. The deed's done and the money (or the IP) is long gone. Better by far to put the defences up before an attack takes place rather than to try to recover when the assailants have come and gone.

Another good preventive measure is to map data access, preferably from the point of view of an outsider looking at the organisation to identify soft spots. Get them hardened.
