Who “Sponsored” That Cyberattack?

In a bulletin issued last summer, Lloyds of London announced that it will no longer insure against cyberattacks by governments and “state actors,” but the latter category remains murky and ill-defined. Most nations, including the U.S., use hackers. According to the Secret Service, hackers known as APT41 linked to the Chinese government stole at least $20 million in U.S. Covid relief benefits, including Small Business Administration loans and unemployment insurance funds. Hackers affiliated with Russia, North Korea and Iran have attacked private and government sites in the U.S., and the U.S. has (less publicly) retaliated. At the World Economic Forum in Davos, Interpol Secretary General Jurgen Stock warned that nation-state malware could become “a commodity on the dark web soon,” making it much harder to distinguish criminal attacks from state-backed attacks. At a hearing before the House Armed Services Committee, Mieke Eoyang, the deputy assistant secretary of defense for cyber policy, said “the line between nation-state and criminal actors is increasingly blurry as nation-states turn to criminal proxies as a tool of state power, then turn a blind eye to the cyber crime perpetrated by the same malicious actors.” The Lloyd’s bulletin acknowledged that accurate identification of hackers will become even more important going forward. How many organizations experience a cyberattack from a state or state actors, and not a state-affiliated gang, is difficult to ascertain, but will be necessary for insurance purposes from all reliable providers soon.