Cyber intruders now use in-country assets to mask their location, making attribution challenging. If the state actor has a grudge that they want to air, then they will use their own addresses to get their message across to the company and government.
state-sponsored cyber attack
It’s easy to forge email IP addresses. Proper tradecraft would not use IP addresses that point to the true identity of the attacker. A series of proxy IP addresses and named anonymous proxies would be used instead. Putting in the IP addresses of a North Korean location would be a false flag operation, or incredible incompetence by the North Koreans.
We polled attendees at the recent Black Hat USA 2014 in Las Vegas and learned that 93% of them believe the hacking landscape is only going to get worse. Worryingly, 44% of respondents believe the USA is losing the battle against state-sponsored cyber attacks.
59% of IT security pros expect their network to come under attack in the near future. Digging deeper into the data we discovered this: among those who expect to be attacked, 44% are not confident they can detect an attacker attempting to breach their network and extract data.
The most dangerous threats are highly personalized attacks using custom developed software designed for one-time use against a specific individual. Using inexpensive and plentiful labor, as well as access to vast amounts of personal data on social media sites like Facebook, LinkedIn and others, attackers can now create perfect email attacks that allow the insertion of remote control software onto corporate networks.