Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

On Tuesday, the U.K.'s Labour Party became the latest in a decade-long line of victims to claim they were targeted by a "sophisticated" cyberattack that wasn't, actually, very sophisticated.

The big picture: It's the latest lexical stretch for an adjective that's widely used in reports of cybersecurity incidents — and widely loathed by researchers as a result. If everything is sophisticated, nothing is sophisticated.

Driving the news: Labour ultimately faced what's known as a denial of service attack, a way of overwhelming servers with a ton of traffic. It's a digital blunt force attack — harmful, yes, but hardly sophisticated. Labour was not alone.

In the last year or so, victims blamed "sophisticated" hackers for breaches at the Australian Parliament; a hamburger chain; a bank; another bank; yet more banks and universities in Australia, the U.S. and UK; a 1,200-student high school; newspapers; Amnesty International; WhatsApp users; a medical center; an electronics supplier; an embassy; and a community college, among others.

Be smart: Some of those hackers were, in fact, sophisticated. Others weren't. But overusing the word dilutes its meaning.

The sophisticate who cried wolf: For network defenders trying to follow what's going on across the industry, it's important to know when actual sophisticated hackers emerge. "There's a boy who cried wolf situation," said Dylan Owen, senior manager for cyber services at Raytheon.

Sophistication's siren song: As soon as a breach is announced, companies are on the defensive, left to justify to users, investors and employees how data that was supposed to be kept secret suddenly wasn't.

  • "No one is going to say they were breached by average hackers," said Chris Scott of IBM's X-Force IRIS incident response team.
  • Sophisticated often gets used as a synonym for "our organization shouldn't be blamed for missing this."

But, but, but: Sophistication isn't the only way to breach even high-tech defenses. Persistence is just as powerful as technical acumen.

  • "We see relatively simple attacks able to get by good defenses all the time," said Owen.
  • Some of the most effective hacking groups in history — including all but the most recent of Iran's efforts in hacking — were not considered particularly technically skilled.

When experts say "sophistication," they use it very differently from average people.

  • For experts, a sophisticated attack is one that's layered, bespoke and studied — one that cleverly and efficiently achieves its goals. It can refer to work before or after a breach, how an attacker maneuvers inside a network, speed or stealth.
  • For the public, sophistication sounds like someone is simply using unbeatable technology, one part wizardry and another part ninjutsu.

Those aren't the same thing. Just consider the first steps in hacking a computer.

  • The most sophisticated attackers almost always start with methods the public doesn't think of as sophisticated. The U.S., China and Russia — the most advanced hackers in the world — typically start an attack with phishing or exploiting security flaws vendors have already released a patch for.
  • Even so-called zero-days, previously undiscovered vulnerabilities that can't yet be patched, are not always the sign of a sophisticated attacker. "You can have a group that uses a lot of zero-days that isn't technically skilled, just willing to spend a lot of money to purchase them from the black market," said Ben Read of FireEye.

The bottom line: Unless the hackers are known to wear cufflinks, you can usually take "sophisticated" with a grain of salt.

Go deeper:

Go deeper

Senate confirms retired Gen. Lloyd Austin as defense secretary

Photo: Greg Nash-Pool/Getty Images

The Senate voted 93-2 on Friday to confirm retired Gen. Lloyd Austin as secretary of defense. Sens. Mike Lee (R-Utah) and Josh Hawley (R-Mo.) were the sole "no" votes.

Why it matters: Austin is the first Black American to lead the Pentagon and President Biden's second Cabinet nominee to be confirmed.

House will transmit article of impeachment to Senate on Monday, Schumer says

Photo: Drew Angerer/Getty Images

Senate Majority Leader Chuck Schumer (D-N.Y.) announced that the House will deliver the article of impeachment against former President Trump for "incitement of insurrection" on Monday.

Why it matters: The Senate is required to begin the impeachment trial at 1 p.m. the day after the article is transmitted.

Dan Primack, author of Pro Rata
57 mins ago - Politics & Policy

Private equity bets on delayed tax reform in Biden administration

Illustration: Brendan Lynch/Axios

In normal times, private equity would be nervous about Democratic Party control of both the White House and Congress. But in pandemic-consumed 2021, the industry seems sanguine.

Driving the news: Industry executives and lobbyists paid very close attention to Treasury Secretary nominee Janet Yellen's confirmation hearings this week, and came away convinced that tax reform isn't on the near-term agenda.

You’ve caught up. Now what?

Sign up for Mike Allen’s daily Axios AM and PM newsletters to get smarter, faster on the news that matters.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!