Nation-state-backed cyberattacks are by no means a new concept in today’s increasingly digitized world. These kinds of attacks accelerated further amid the COVID-19 pandemic as cybercriminals exploited escalated international tensions to steal intellectual property (IP) data related to COVID-19 vaccines. With the ongoing Russia-Ukraine war, the spotlight is once again on nation-state attacks as threat actors have been more active, looking to take advantage of the crisis.
State-sponsored cyberattacks have drastically increased both in terms of their scope and sophistication. Apart from targeting critical infrastructure, government agencies and think tanks, businesses regardless of size or industry have become their latest hot target. Businesses today hold large volumes of client-sensitive information, employee and financial data, and intellectual assets — all potential income sources for cybercriminals.
What are nation-state cyberattacks?
According to Microsoft, “nation-state attacks are malicious cyberattacks that originate from a particular country and are an attempt to further that country’s interests.”
Although nation-state cyberattacks have become increasingly common in recent times, such attacks have been around since the 1980s. The book Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, written by Clifford Stoll in 1989, describes perhaps one of the first documented cases of a cyberattack: a hacker trying to gain unauthorized access to U.S. military bases.
Previously, state-sponsored attacks were largely driven by nationalism to gain advantage over target nations, compromise government agencies, spread disinformation, steal military secrets and so on. However, numerous cybersecurity incidents indicate threat actors have shifted their focus to individuals and organizations for financial gain and to influence public opinion. For example, according to the Center for Strategic and International Studies (CSIS), in February 2022, an investigation led by Mandiant discovered that hackers linked to the Chinese government compromised email accounts belonging to Wall Street Journal journalists. The hackers allegedly surveilled and exfiltrated data from the newspaper for over two years, beginning in at least February 2020.
Why organizations should be wary of nation-state cyberattacks
Research sponsored by HP and conducted by Dr. Mike McGuire, senior lecturer in criminology at the University of Surrey, revealed that nation-state cybersecurity incidents are growing at an unprecedented rate. The research analyzed more than 200 cybersecurity incidents related to nation-state attacks since 2009 and showed that enterprises are the top target, followed by cyber defense assets, media and communications, government bodies and finally critical infrastructure.
“Nation-states are devoting significant time and resources to achieving strategic cyber advantage to advance their national interests, intelligence-gathering capabilities and military strength through espionage, disruption and theft,” said McGuire.
According to recent research by Trellix, more than 85% of organizations said they believe they have been targeted by nation-state cybercriminals. Nation-state attacks are highly advanced and harder to detect, which makes them extremely dangerous to governments and enterprises alike.
How nation-state cybercriminals attack businesses
Since the start of the Russia-Ukraine war, cybercriminals have ramped up malicious activities using the war to distract their targets.
“We are seeing cybercriminals use Russia and Ukraine-centric social engineering efforts, like phishing emails, leveraging current events to solicit an emotional response to the war,” says Ros Smothers, former CIA cyberthreat analyst and technical intelligence officer, now at KnowBe4. “In other words, people are less likely to think before they click.”
It is not uncommon for cybercriminals to capitalize on tumultuous times to launch social engineering attacks. According to email security firm Avanan, phishing attacks have increased 800% since February 27, 2022. A similar trend was seen during the start of the COVID-19 pandemic, when perpetrators leveraged COVID-19-related phishing emails to steal credentials and deliver malware.
Not only do state-backed hackers utilize state-of-the-art technology, but they also exploit human vulnerabilities, getting people to click on malicious links that spread malware like ransomware, which leads to security breaches. One example is the Ukraine charity phishing scams that pretend to raise money for the victims of the crisis.
According to the study “Nation States, Cyberconflict and the Web of Profit,” 65% of the expert panel said they believe nation-states are making money from cybercrime, while about 60% said it is becoming more common for nation-states to recruit cybercriminals to conduct cyberattacks. The dark web is their go-to destination for buying cybercrime tools and services and for selling the tools they have developed.
Implications of cyber warfare on business
The scope of cyber warfare has extended beyond targeting key national infrastructure, espionage, gathering military information and spreading disinformation. Businesses today are at risk of service disruption, data exposure, loss of trade secrets, data corruption, ransomware, financial loss and damaged brand reputation — to name a few — due to highly advanced state-sponsored cyberattacks. While the motive behind these assaults may vary, a single successful attack can have far-reaching consequences, not to mention collateral damage resulting from it. The research by Trellix also found that a successful state-sponsored cyberattack costs victim organizations more than $1 million per incident. As per the research, customer information, confidential data and intellectual property (IP) are the main targets for nation-states.
Crises such as the ongoing Russia-Ukraine conflict also embolden other cybercriminals, who do not shy away from taking advantage of such situations to intensify malicious activities.
Strengthen security against nation-state attacks and other cyberthreats
The growing menace of nation-state threats must not distract businesses from other cyberattacks that are equally damaging. The number of cyberattacks peaked at a record-breaking 925 attacks a week per organization at the end of 2021. Recent cybersecurity incidents associated with the Russia-Ukraine war are strong indicators that cybercrime will further increase in 2022.
Preparation is key when tackling cyberattacks of any nature or scale. Here are five steps that businesses must consider to improve security against rising cyberthreats.
Create an incident response plan: Incident response (IR) is the process of preparing for, detecting, containing and recovering from a data breach or cyberattack. By establishing an incident response plan (IRP), your business can respond to cyberattacks and other security-related incidents with speed, accuracy and efficiency.
Have a business continuity plan: Data loss or downtime due to a cyberattack could bring your business to a standstill. Having a comprehensive business continuity and disaster recovery (BCDR) plan is key to business resilience and to the survival of your organization. BCDR enables organizations to adapt to and bounce back from disruptions while maintaining continuous business operations.
Examine your supply chain: According to a study by Argon, software supply chain attacks increased by a staggering 300% in 2021 compared to 2020. To reduce the risks of such attacks, closely examine your vendors and partners who have access to your systems. Vendors with poor security postures are often potential gateways for cyberattacks. Threat actors can exploit vulnerabilities in your vendor’s network to deliver malicious code, which can then be used to compromise critical systems or data.
The National Institute of Standards and Technology’s (NIST) Special Publication 800-53 Revision 4 includes a security and privacy control to restrict purchases from specific suppliers or countries that may pose a threat.
Connect with peer networks: Connect and share cybersecurity threat information with peer networks, partners and government agencies like the FBI. This will help identify and mitigate the risks of nation-state cyberattacks. Collaborate with cyber and intelligence teams within your peer networks, law enforcement and local government partners to stay on top of alerts and warnings associated with cyberthreats. Collaboration and information sharing help develop a better understanding of the threat landscape, attack patterns and how nation-states operate.
Improve security awareness: Humans make mistakes, which makes them the weakest link in cybersecurity. Security awareness training reduces a company’s chance of a security incident by 70%. With effective cybersecurity awareness training and education, your organization can transform its weakest link into its strongest defense. Educate your employees about the implications of their actions, the importance of maintaining strong passwords, current cyberthreat trends, cyber hygiene, how to identify social engineering attempts like phishing, and so on. Security and compliance training solutions like BullPhish ID include video lessons about today’s biggest security and compliance topics, including nation-state attacks, that can help reduce your organization’s chance of experiencing a cybersecurity disaster.
Enhance cyber resilience with Unitrends
In today’s volatile cybersecurity environment, any business with an online presence is at risk. When it comes to cyberattacks, threat actors do not discriminate based on company size or vertical. Your business needs a robust cyber resilience strategy that enables you to prepare for, effectively respond to and recover from cyberattacks.
The Unitrends Unified BCDR platform is augmented with AI-based features, such as ransomware detection, anti-phishing defense and dark web monitoring, designed to reduce the frequency and severity of security-related incidents and boost your organization’s cyber resilience.