The current political tensions around the world are creating precarious scenarios for governments, businesses and citizens alike. Threats come in all guises and cyber-warfare has moved firmly up the agenda.
Predictions made at the start of 2019 suggested that nation state attacks would rise in the future. What hadn’t been anticipated was how rapidly matters would accelerate.
The latest Radware Global Applications and Network Security report shows that at the end of 2019, over a quarter of companies had experienced a foreign government / nation state attack. In 2018, 19 percent of organizations believed they were attacked by a nation-state. That figure increased to 27 percent in 2019. It makes for sober reading and there is good reason to believe this will rise again.
It is predicted that future top targets will include government organisations, finance institutions, companies operating / investing in political hot spots around the world, energy industries and others associated with providing critical infrastructure like communications and transport links, as well as the local councils and public sector organizations managing citizen or patient data.
Fake News is Also at Play
Linked to this risk is another social phenomenon at play – the rise of fake news, particularly on social media forums.
In fact, research Radware ran with UK residents ahead of the 2019 General Election showed that 69 percent of people thought fake news had an influence on voters.
And they’d be right. As evidenced from past headlines and the security community’s research, fake news is influencing the outcome of global elections, demonstrating the lengths some nation state actors will go to in order to disrupt the status quo.
Complex, involved and sustained campaigns are being orchestrated to influence voter behavior by releasing sensitive information at crucial times – from when candidates are announced, to the crucial 24-hour window before voting happens.
Protection at All Costs
It’s obvious that governments need to be aware of the tactics at play and ensure systems, especially those that hold sensitive information, national secrets and citizen data, are protected at all costs. However, organizations also need to be vigilant and actively manage their environment, balancing the need for good cyber-hygiene with mitigating new threats. As we’ve seen with Travelex, effective patch management is the first line of defense and plays a vital role in maintaining a good security posture.
Understanding where your business fits into the big picture is a very worthwhile activity. Some will be a natural target because they have associations with the government; others may be at risk because of the company they keep. If your partners and suppliers are deemed a target then you could find yourself caught up in a game of cyber-dominoes. Supply-chain attacks occur when cyber-criminals target your network as a route to get to suppliers, partners and the user base, as a means of causing maximum impact.
There are of course a number of hacktivist groups undertaking campaigns motivated by the need to highlight social, economic or political inequalities. The Rio Olympics is a good example. The Anonymous group used it as a platform to highlight poverty and social injustice.
The World Cup in Qatar and the Olympics in Japan could stimulate similar activity. The sponsors through to comms providers and broadcasters need to be vigilant and anticipate an increase in potential threats, and integrate the mitigation steps into existing plans.
Energy, financial services and government are the sectors cited most often as ones that need to take more notice of the nation state threat. But manufacturing should also watch out. Trade secrets are valuable commodities in the pursuit of world trade domination. According to the Swedish Security & Defence Industry Association, 94 percent of attacks in manufacturing are to steal trade secrets.
TTPs to Note
There are five major groups working at large consistently and it’s important to study them, their likely targets and their tactics. They are:
- APT28 Russia – also known as Fancy Bear, Pawn Storm and Sofacy, is a cyber-espionage group associated with two Russian military intelligence agency units.
- APT1 China – also known as Unit 61398 and the Comment Crew, is a cyber-warfare organisation associated with the Chinese People’s Liberation Army, with emphasis on targeting manufacturing, engineering and electronics.
- Lazarus Group North Korea – also known as Hidden Cobra, is a cyber-crime group associated with the North Korean government, responsible for various attacks over the past decade, including Ten Days of Rain, the 2014 Sony data breach, the WannaCry ransomware outbreak and the finance-targeted SWIFT attacks.
- APT33 Iran – also known as Elfin, is a suspected Iranian-backed cyber-espionage unit that targets government agencies, research firms, financial institutions and engineering companies in the US and Saudi Arabia.
- Equation Group US – a cyber-warfare and intelligence-gathering unit associated with the Tailored Access Operations (TAO) of the National Security Agency (NSA). This nation-state group has been in operation since 1998, monitoring and infiltrating enemies of the United States, both foreign and domestic.
As you can see, they have different briefs and use a variety of tactics. Understanding their motivations will uncover what you have to do to prepare, and help prioritize your steps to readiness and investment. This should be a priority for companies in the most vulnerable sectors, as well as those who have associations with them.
But one thing is for sure. Cyber-threats are not going to go away, but nor will any of the other risks we already face day in, day out. There is no silver bullet. It will take skill and knowledge, technology and partnerships to make viable, robust plans. So as well as being ready for the new, more extreme scenarios, it’s essential the basics are covered, otherwise no plan will ever repel the threat.
Note: A version of this article first appeared in SC Magazine.