April 2022
Is your Business at Risk of Nation-State Trouble?
Today’s nation-state cybercriminals are going beyond traditional espionage, expanding their scope of work to include disabling infrastructure, disrupting supply chains, industrial sabotage, misinformation and extortion – and 90% of them regularly attack businesses in the private sector, like companies that provide goods and services or financial institutions.
Nation-State Danger is Escalating
Nation-state cyber threats are something that businesses in every sector will have to be prepared to deal with long term. As the world becomes increasingly interconnected and cloud-driven, cybercriminals will have more reason and more opportunity to strike targets that fall well outside their prior theatres of operation. The bad guys are getting better at pulling off successful operations as well. Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021 – and every increase in that percentage is a loss for public and private sector businesses around the world.
Experts around the world have asserted for years that modern wars will carry a heavy component of cyberattack and hacking activity, and they were right. Nation-state threat actors are targeting infrastructure components using malware and ransomware in the Russia/Ukraine conflict. CISA cautions that attacks and damage from the cyberwar component of this conflict may spread beyond Ukraine, saying in an advisory: “Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organisations, may impact businesses both within and beyond the region.”
The NCSC (National Cyber Security Centre) recently released a number of advisories warning UK businesses of the cyberattack danger presented by nation-state threat actors in light of the current Russia-Ukraine conflict. Newspapers in the UK reported similar warnings. Russia is the force behind 58% of nation-state attacks.
Common Nation-State Cybercrime Terms
Microsoft defines nation-state cybercrime as malicious cyberattacks that originate from a particular country to further that country’s interests. It’s a complex subject that is full of twists and turns, and just like any other field, it also has some very specific terminology.
Nation-State Threat Actor – Nation-state threat actors are people or groups who use their technology skills to facilitate hacking, sabotage, theft, misinformation and other operations on behalf of a country. They may be part of an official state apparatus, members of a cybercrime outfit that are aligned with or contracted by a government or freelancers hired for a specific nationalist operation.
Advanced Persistent Threat (APT) – These are nationalist cybercrime outfits with sophisticated levels of expertise and significant resources that work to achieve the goals of the government that supports them, undertaking defined operations with specific goals that forward the objectives of their country.
Infrastructure Attack – When nation-state actors conduct an infrastructure attack, they’re attempting to damage one of their country’s adversaries by disrupting critical services like power, water, transportation, internet access, medical care and other essential requirements for daily life. Infrastructure attacks are a major component of modern spycraft and warfare.
Common Tactics Used by Nation-State Groups
Nation-state threat actors will use a wide variety of means to accomplish their goals, but these are some of their go-to attacks to use against both public and private sector targets. There was a 100% rise in significant nation-state incidents between 2017 and 2021.
Phishing Attack – A technique for persuading the victim, through a fraudulent solicitation in email or on a web site, to take an action that either gives the cybercriminal something they want, like a password, or accomplishes the cybercriminal’s objective, like infesting a system with ransomware.
Distributed Denial of Service (DDoS) Attack – Distributed Denial of Service attacks are used to render technology-dependent resources unavailable by flooding their servers or systems with an unmanageable amount of web traffic. This type of attack may be used against a wide variety of targets like banks, communications networks, media outlets or any other businesses that rely on network resources.
Malware Attack – Malware is shorthand for “malicious software.” It is commonly used as a catch-all term for any type of malicious software designed to harm or exploit any programmable device, service or network. Malware includes trojans, payment skimmers, viruses and worms.
Ransomware Attack – Ransomware is the favoured tool of nation-state cybercriminals. This flexible form of malware is designed to encrypt files, lock up devices and steal data. Ransomware can be used to disrupt production lines, steal data, facilitate extortion, commit sabotage and serve a variety of other nefarious purposes. Ransomware attacks are highly effective and can be used against any business.
Backdoor Attack – Nation-state threat actors will often intrude into a business’s systems and establish a foothold called a back door that allows them to return easily in the future. It could be months or years before they use it. This also affords them the opportunity to unobtrusively monitor communications, copy data and find vulnerabilities that enable further attacks.
How Can You Protect Your Company from Nation-State Trouble?
These tips can help businesses steer clear of a nation-state cyberattack.
- Bolster security awareness training. When employees know what to look for, the companies that employ them have 70% fewer security incidents.
- Invest in strong email security. The most likely way for your company to encounter nation-state threats is through a phishing email.
- Teach employees to spot and stop phishing. Malicious messages can carry ransomware (the top weapon of nation-state cybercriminals) and training improves phishing awareness by 40%.
- Patch and update all software and hardware. Nation-state threat actors love to capitalize on vulnerabilities and are experts at leveraging zero-day exploits.
- Adopt a zero-trust security model. Add two-factor authentication to all accounts to secure employee credentials, the cornerstone of zero-trust security, and reduce password-based intrusions by 99%.
- Be on guard for credential compromise. An estimated 60% of passwords that appear in more than one breach are recycled or reused, and therefore easily obtained by APTs from the dark web.
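The last tip, screening for recycled or breached passwords, is the one a defender can automate at account-creation or password-change time. The following is an added example, not code from MSnet UK or from any product the post refers to. It screens a candidate password the way breached-password range services do (a k-anonymity lookup: only the first five characters of the SHA-1 hash leave the client, and the client matches the rest locally). The breach corpus, the leak counts and the 12-character minimum are constructed for this example; in a real deployment the range lookup would call a breached-credential feed.

```python
import hashlib

# Constructed breach corpus for this example: SHA-1 hashes of a few widely reused
# passwords, mapped to invented counts of how often each appeared in leaks.
# A real deployment would query a breached-credential feed instead of this dict.
_CONSTRUCTED_BREACHES = {
    hashlib.sha1(pw.encode("utf-8")).hexdigest().upper(): seen
    for pw, seen in [
        ("password", 3_000_000),
        ("123456", 5_000_000),
        ("Summer2021!", 42),
        ("Winter2021!!!!", 17),
    ]
}


def sha1_prefix_suffix(password: str) -> tuple:
    """Split the SHA-1 of a password into a 5-hex-char prefix and the remaining suffix.

    Only the prefix is ever sent to the lookup service, so it cannot tell which
    password (out of every one sharing that prefix) is being checked.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_lookup(prefix: str) -> dict:
    """Simulates the server side of a k-anonymity range query.

    Given a 5-character hash prefix, returns every (suffix, count) pair in the
    corpus that shares it. The server never learns the full hash.
    """
    return {h[5:]: n for h, n in _CONSTRUCTED_BREACHES.items() if h.startswith(prefix)}


def breach_count(password: str) -> int:
    """Return how many times the password appears in the (constructed) breach corpus."""
    prefix, suffix = sha1_prefix_suffix(password)
    # Matching on the suffix happens on the client, against the returned range.
    return range_lookup(prefix).get(suffix, 0)


def screen_password(password: str, min_length: int = 12) -> tuple:
    """Decide whether a candidate password is acceptable.

    Returns (accepted, reason). A password that is too short or that is already
    known from breaches is rejected, because reused or leaked passwords are
    exactly what credential-stuffing attacks try first.
    """
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    seen = breach_count(password)
    if seen:
        return False, f"appears in known breaches ({seen} times)"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["password", "Winter2021!!!!", "a long unique passphrase 7!"]:
        accepted, reason = screen_password(candidate)
        print(f"{candidate!r}: {'accepted' if accepted else 'rejected'} ({reason})")
```

Rejecting a known-breached password at the point of change is a cheap control that complements, rather than replaces, the two-factor authentication recommended above: MFA limits the damage when a password does leak, while screening keeps already-leaked passwords out of the environment in the first place.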
We Can Help #MSnetUK