How nation state actors are transforming their targets and gains

Tabrez Surve, F5 Networks

Hackers acting on behalf of nation-state powers are no longer just out to disrupt critical infrastructures – they’re also actively seeking trade secrets. New battle lines have been drawn across the world, and organisations need to tool up accordingly. The recently released Verizon Data Breach Investigations Report (VDBIR) is a riveting case in point. It notes a sharp uptick in nation-state attacks, rising from 12% of all analysed breaches to 23% in the past year. Meanwhile, 25% of breaches are currently influenced by cyberespionage, rising from 13%.

Goals

Further research compiled by the Swedish Security and Defence Industry Association (SOFF) not only echoes VDBIR’s 25% espionage figure, but also breaks down the issue by sector.

Remarkably, 94% of all attacks currently aimed at the manufacturing industry are motivated by espionage, usually with the intent to steal trade secrets or to sabotage plants. Manufacturing, public administration and educational services all tend to aggregate large volumes of lucrative and highly sensitive data.

SOFF predicts that security researchers now spend 90% of their time looking into espionage-based targeted attacks. Ten years ago, they would have spent a similar amount of time focusing on criminal campaigns.

The financial impact associated with data breaches, espionage-based or not, is too consequential for organisations to ignore. SOFF also adds that it is worth understanding how 90% of the impact caused by a cyberattack tends to be hidden (beyond the obvious outlay for mitigation, customer notification or legal action).

Techniques

In the last year alone, recent Infosec analysis shows an explosion of underground hacker marketplaces on the dark web. There are at least 300 hacker communities in existence, some with as many as half a million registered users, and packed to the gills with resources and disruptive tips.

Another alarming trend is that hackers acting on behalf of nation-states are also increasingly carrying out zero-day attacks. Cybersecurity Ventures research predicts there will be one zero-day attack a day by 2021. Unfortunately, a zero-day attack is the first instance of a vulnerability being exploited and so, if adequate defences aren’t in place, organisations will have a messy clean-up operation on their hands.

Phishing is also a favoured technique, whereby attackers trick employees into providing their credentials and log-in details via fraudulent emails and other communications. Recent analysis from PhishMe found that phishing emails are responsible for 91% of cyber-attacks – a concerning trend, but one that can be reversed with adequate training mechanisms.

One step ahead

The number of state-sponsored attacks is only going to rise with trends like 5G and IoT. New attack surfaces are always expanding for switched-on cybercriminals.

As you’d expect, a range of new technologies are emerging to aid the fightback. For example, AI solutions are being developed that can analyse all traffic in real-time, to spot unusual behaviours and anomalies previously unnoticed. These types of AI are explicitly designed to understand how traffic is meant to function, automatically flagging problems as they occur.

Whatever the technology mix looks like, both now and into the future, there will always be a need to apply security at every level and on every surface: endpoint, application, and infrastructure. Applications require consistent, intelligent and adaptable policies wherever they reside: on-premises, in the cloud or in a multi-cloud environment. Protecting perimeters is no longer enough. Modern access-control and authentication practices, such as the “principle of least privilege” and two-factor authentication, should become the norm.

As ever, organisations should constantly review and update security settings and tools, running regular penetration tests to monitor and improve staff behaviour. Organisations also need to control wayward BYOD activity and ensure all staff are equipped with the tools they need to do their jobs safely. It is a dangerous world out there. Pre-emption, prevention and continuous education are the ways ahead.

Tabrez Surve, Regional Director – Gulf, Levant & Turkey, F5

Key takeaways

  • Nation-state attacks have risen from 12% of all analysed breaches to 23% in the past year. Meanwhile, 25% of breaches are currently influenced by cyberespionage, rising from 13%.

  • Another alarming trend is that hackers are increasingly carrying out zero-day attacks. A zero-day attack is the first instance of a vulnerability being exploited and so, if adequate defences aren’t in place, organisations will have a messy clean-up operation on their hands.

  • The number of state-sponsored attacks is only going to rise with trends like 5G and IoT.

  • Organisations should constantly review and update security settings and tools, running regular penetration tests to monitor and improve staff behaviour.

  • Pre-emption, prevention and continuous education are the ways ahead.


Tabrez Surve, Regional Director – Gulf, Levant & Turkey, F5 Networks, warns that a new phase of cyber warfare has begun, and organisations need to tool up.