How To Handle Nation-state Cyberattacks On The Enterprise
In December 2020, Microsoft began sharing information with the cybersecurity industry on what would become widely recognized as the most sophisticated nation-state cyberattack in history. NOBELIUM, a group of Russia-based hackers, gained access to multiple enterprises through vulnerable software code, stolen passwords, compromised on-premises servers, and minted SAML tokens.
How to handle nation-state cyberattacks on the enterprise
Historically, nation-state actors directly targeted infrastructure, think tanks, and governments of other countries. However, as organizations improve their defenses, sophisticated actors look for new ways to gain access to their targets through the vendors, software, and networks they rely upon. Enterprises are also increasingly at risk of attacks as nation-state actors expand their objectives to pursue intellectual property theft. As a result, enterprises are often targeted by nation-state actors attacking the networks of their customers, partners, or vendors through their own network or software. The Microsoft Threat Intelligence Center, which collects billions of data points to gather threat intelligence, has observed that enterprises are increasingly at risk of these attacks.
An analysis of nation-state cyberattacks between 2017 and 2020 reveals that just over a third of organisations targeted were businesses: cyber defence, media, government and critical infrastructure are all also common targets in these attacks, but enterprise has risen to the top of the list.
According to the Microsoft Digital Defense Report, June 2020 to June 2021 was a big year for nation-state cyberattacks against the United States. Incidents like the SolarWinds attack brought new focus to the security of the supply chain and highlighted the need to respond to new techniques used by nation-states to compromise the digital security of federal agencies and contractors.
Among Microsoft account holders, the groups primarily targeted by nation-state cyberattacks range from journalists to political organizations. And, in 2020, a number of organizations involved in COVID relief efforts have been targeted.
SMBs within the government and technology sectors are among those most concerned about nation-state cyberattacks on their business in 2020. Executives within these industries also have the highest propensity to increase their cybersecurity budgets in 2020, with 77 percent of technology SMBs and 76 percent government SMBs planning to increase their budgets in the coming year.
Financial institutions (FIs) have historically been at the center of enterprise cybersecurity, considering the massive amounts of cash and customer data they process. Moreover, the financial, regulatory, and reputational implications of cyberattacks require FIs to invest in cybersecurity.
Organized cybercriminal groups collaborate and share attack tactics, techniques, procedures (TTPs), tools, and resources to compromise financial institutions, resulting in an increase in cyberattacks. Moreover, nation-state attack campaigns reflect global geopolitical tensions, which have fueled a growth in cyber activity targeting governments, militaries, and the business sector, according to the Navigating Cyber 2022 report of the Financial Services Information Sharing and Analysis Center (FS-ISAC) [24]. For example, the war in Ukraine, ongoing protest activity in Hong Kong, and North Korea's continued missile launches could result in cyber activity against various targets in the US, the UK, and the EU, among other places. Retaliation may take the form of denial of service (DoS) attacks, spearphishing, destructive malware, or vulnerability exploitation attacks.
In the current, connected digital landscape, cybercriminals use sophisticated tools to launch cyberattacks against enterprises. Their attack targets include personal computers, computer networks, IT infrastructure and IT systems. And some common types of cyberattacks are:
If successful, cyberattacks can damage enterprises. They can cause valuable downtime, data loss or manipulation, and money loss through ransoms. Further, downtime can lead to major service interruptions and financial losses. For example:
This white paper examines the escalation of cyberattacks against telecom operators by nation-states and private actors. It reviews the more advanced and complex threat vectors in use against national infrastructure, including telecom networks, providing guidance on how best to defend against them.
The unfolding crises in Ukraine has exposed new facets of nation-state conflicts that have impacts far beyond the immediate geographic region. As a global company, we have tremendous empathy for all who are harmed, displaced, or otherwise negatively impacted by the ongoing attacks, including many of our extended F5 family. Without overlooking the very real, very human aspects of the Russia-Ukraine conflict, we have also been asked by customers to provide guidance on the kinds of cyberattacks that they may see more of in the days to come, in light of recent events. Accordingly, the piece below intends to address those inquiries in a straightforward, respectful, and practical manner.
The role of cyberattacks in nation-states conflicts have given rise to new cybersecurity concerns on a different scale than many organizations have dealt with traditionally, further highlighting the importance of defending against sophisticated attacks through a proactive cybersecurity strategy.
In practice this leads to nation-states actors developing exploits that target the Internet (and critical services) infrastructure of other nations on a continuous basis. While the most immediate scenarios that come to mind are geopolitical conflicts between nation-states, many of the same principles must now be broadly applied to traditional enterprise security practices, particularly as nation-states often will attack a combination of government and private-sector Internet resources as a means to destabilization. Accordingly, targeted cyberattacks pose a significant threat both to the integrity of nations and also those attempting to conduct any related business efforts with (or within) a targeted geography. This has led to proactive and continuous cybersecurity as a heightened need for all types of organizations.
Broadly speaking, nation-state adversaries launch targeted cyberattacks to severely diminish the infrastructure of nation-states and disrupt the functionality of their Internet systems, which in turn can impact the financial and military infrastructure. Figure 1 highlights an example of a targeted attack (in this case, phishing) in action.
Adversaries conduct a wide variety of attacks during nation-states conflicts, with digital threats posed alongside those of a traditional physical nature. Today's nation-states are well-versed in carrying out multiple sets of cyberattacks, with prominent examples discussed below:
The accelerated pace of digital transformation has resulted in the adoption of modern applications by governments and organizations to achieve operational efficiency. However, these applications require protection against advanced cyberattacks, which can be targeted or broad-based in nature. It becomes even more relevant during times of nation-states conflict to ensure that critical applications can be kept available. Governments, and all organizations, should remain vigilant with the following key points to consider: