|
|
|
|
|
|
by redprince
2385 days ago
|
|
|
> In a targeted attack, it's likely the foreign agency would be using a 0-day attack. A targeted attack is also expensive and the victim would need to have something worth this kind of money and attention. "Nation state actor" just isn't a reasonable risk assumption for a great many organizations. > The only way to protect against that is by reducing the OS monoculture, offline backups, and using network air gaps on critical data. When the "nation state actor" comes looking for you with some motivation, all that and the air gap won't mean much. See Stuxnet. Like J. Mickens said:
"Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good pass-word and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT." https://www.usenix.org/system/files/1401_08-12_mickens.pdf |
|
|