In a conversation moderated by Chris Bing, a reporter for Thomson Reuters, a panel of leaders from Mandiant, CrowdStrike and Red Canary discussed global cyber attacks and growing threats.
The panel was conducted as part of the second day of mWISE 2022, and participants included John Hultquist, Head of Intelligence Analysis at Mandiant, Adam Meyers, Senior Vice President of Intelligence at CrowdStrike, and Katie Nickels, Director of Intelligence at Red Canary.
The wide-ranging conversation included discussions about Russia targeting Ukraine, Iran targeting Albania and the global impact of increasing cyber threats.
"I think it's a question of what we've seen, what we expect, what people think is missing here in terms of the conflict," Hultquist says.
"It's important to remember these are spies, and we don't see everything they do."
"A lot of these incidents are about the information flow; to convince people that they're not safe."
Meyers discussed Iran's attack on Albania, noting this was interesting because the country is a NATO ally of the United States.
He pondered what an attack on a NATO country would mean for collective defence efforts.
"The US issued sanctions on a country for an attack on a NATO ally," Nickels said.
"The real takeaway is the diplomatic responses, the cutting of ties, the US came out so quickly attributing it to Iran."
Meyers added that once there's a domestic uprising, the local government's concern shifts to these threats. In the case of Iran, Meyers says the focus has become about reducing the influence of the political-militant organisation, Mujahedin-e-Khalq (MEK), which seeks to overthrow the government.
"In the cyber field, we tend to think about sophistication as technical capability, but this is about how they use it," Meyers adds.
Also prevalent in the discussion was the need to help the general public understand the different types of cyber attacks and threats, such as the differences between hacks, compromises and intrusions.
"It's up to us to educate," Nickels said.
"It's on all of us in this room to be part of that education effort."
TechDay had the chance to discuss the current threat landscape with Hultquist, who talks about the global impact of events such as Russia's invasion of Ukraine, rising tensions between China and Taiwan, and Killnet's recent attack on Japan's government websites.
He describes Killnet as an "ideologically-motivated collective of Russian people with degrees of expertise."
He notes that the incident serves as a "good reminder that these wars or geopolitical issues are rarely regional, especially when it comes to the cyber realm."
Speaking to Russia's broader impact in the area of cyber attacks, Hultquist says that the likes of Killnet don't need to be told when to act or what to do.
"They're already ideologically motivated, they're already composed, they're already standing by and ready for the situation," he says.
"They don't need to be told to do something, sort of like a guard dog. You don't have to be home for the guard dog to bite somebody."
"I also think that it's a good example [of how we should] frame our thinking with other conflicts, particularly with the situation in Taiwan.
"If that situation comes to an even greater head than it recently did soon or anytime in the future, I think we're going to have to take a lot of those lessons learned from Ukraine and apply them there."
Further, speaking to Russia's tactics, Hultquist acknowledges that the country's ramping up of troops, resources, and strategic alliances signals a new phase for its war effort.
"Russia is not backing down, they appear to be doubling down," he says.
"Within that paradigm, I think that it's very likely that cyber attacks in Ukraine [will] continue and escalate. And there's a very good, strong possibility that these attacks [will] escalate outside of Ukraine."
Hultquist continues, "I've heard people compare cybersecurity to safety. And there are a ton of good lessons we can take from the business of safety. But there's a big difference between cybersecurity and safety.
"In safety, they are fighting the immutable laws of physics, which will never, ever change. And in cybersecurity, we are fighting an adversary who is thinking and smart and consistently trying to outsmart all the protections that we put in place.
"So the unfortunate reality in the security business [is that] we have to be consistently changing the adversary. That means any security posture that is not designed around adversary knowledge simply will not [work].
"Making any investment in this space without understanding the adversary is an investment that is already depreciating quickly."