Increasing numbers of spyware firms are popping up around the globe and more nations are turning to their cyber tools, warned National Counterintelligence and Security Center (NCSC) Director Michael Casey.
Before he leaves his position at the NCSC, Casey said that government and industry alike must take action to protect the “lower hanging fruit” of their cyber vulnerabilities as threats from Russia and China ramp up – which loom larger than threats posed by current cyber groups.
Casey’s comments follow a large-scale China-linked infiltration of major U.S. telecommunication companies last fall – impacting carriers AT&T, Verizon, and Lumen, according to a report by the Wall Street Journal. The hacking group targeted President-elect Donald Trump, Vice President-elect Sen. JD Vance, R-Ohio; and associates of Vice President Kamala Harris.
Threats to communications over mobile devices such as smartphones are increasing, Casey warned. He said that even though the Israeli cyber-intelligence NSO Group is well known, many more companies are appearing across the globe.
“[There] is an increasing number of countries investing in spyware, frankly, specifically targeted at … cell phones … [which we] increasingly put information on,” said Casey during an Intelligence and National Security Alliance event on Jan. 14. “There’s dozens of these companies, and I forget the exact number … but nearly 100 countries have bought this and they’re using it.”
The exact number of countries using spyware is currently classified, Casey said, but noted that it’s not just state actors using spyware, but also criminal and ransomware groups that use it to infiltrate mobile devices.
“This is an increasing threat and … increasingly easy for people to use. I mean, some of these products are plug and play,” Casey continued. “The more complex … the products get, the more flaws we seem to be building into them, and the more people are trying to take advantage of them … There are dozens of companies selling these products now, it’s very profitable for a lot of them.”
While terrorist organizations and ransomware and criminal groups are a threat, the largest threat looms from nation-states, explained Casey, who said that the NCSC is viewing Russia and China as a significant threat of “harming civilian life in the United States.”
“In the long run, NCSC, we see the threats posed by the PRC [People’s Republic of China] and Russia as probably much greater than terrorists, particularly against critical infrastructure,” said Casey, explaining that terrorist threats tend to focus on one target while nation-backed attacks are more widespread. “Volt Typhoon, they were looking at critical infrastructure and [there’s] a shocking number of really random geographic places where they could get into … if there’s a conflict between the United States and the PRC … That’s just a scale that no terror can do, like it’s not even close.”
Casey explained that using a “common sense” approach to cybersecurity can help protect against threats – something the government, like industry, could be doing a better job at.
“[Cyber actors] go after things that aren’t updated, or they have terrible security, or they violate the multi-factor authentication (MFA) rule,” said Casey. “In the interest of not being holier than thou about this, [you can] 100 percent find the same problems for the government, despite the fact that we’ve been telling [industry] about them.”
To protect against threats, he said government and industry alike should build security into their entities and companies by using MFA, regularly installing updates, integrating cybersecurity experts into leadership positions, and using increased caution when vetting investors in private companies.
