Published on 19th April 2022
By Hugh Raynor, Senior Cybersecurity Consultant at SureCloud
For some years now, geopolitical conflicts have been as much about bits and bytes as they have about boots and bullets. The digital landscape has become a battleground in its own right, with state-sponsored cyberattacks becoming increasingly common. From social engineering and spear-phishing, right through to the highly-technical exploitation of zero-day vulnerabilities, nation-state threat actors tend to be sophisticated, organized and well-funded.
They also tend to have very specific targets in mind, whether it’s destabilizing a rival country’s economy by attacking its financial sector, or sparking civil unrest by attempting to disrupt its supply of food or its ability to provide adequate healthcare. However, that doesn’t mean there cannot be collateral damage.
In the run-up to Russia’s invasion of Ukraine, there was a 1,885% increase in attacks on government targets, a 775% increase in attacks on healthcare providers, and a 152% increase in attacks on the education sector.
The conflict in Ukraine, for instance, has increased the “spillover” risks of global cyberattacks considerably. While nearly 9 in 10 cyberattacks worldwide are currently targeting Russian or Ukrainian organizations, the fallout from those attacks is likely to impact the entire global threat landscape. While the NCSC advised there are no direct threats to UK organizations as a result of the conflict, it did emphasize that companies should still be taking action now to bolster their cyber resilience.
Just because state-sponsored cybercriminals are currently targeting government organizations, it doesn’t mean private corporate entities are safe. Software supply chain attacks, such as last year’s SolarWinds breach, can impact tens of thousands of businesses in pursuit of an actual target. The SolarWinds breach, suspected to have been orchestrated by Russian actors, not only impacted government organizations like the Department of Justice and the Pentagon, but also affected more than 10,000 businesses across a variety of sectors.
The risk of collateral damage from state-sponsored cyberattacks is something that every business in every sector should be mindful of when reviewing their security controls and risk posture.
The fallout from cyber warfare isn’t a new threat. In the past decade, there has been a 440% increase in global cyber warfare attacks, with businesses often getting caught in the crossfire. As government organizations, private companies, and the software supply chains that connect them get ever more sophisticated and interdependent, the risk to all organizations increases – not just those that are targeted.
We’ve already established that, whether targeted or not, your organization is more at risk given the situation in Ukraine right now. Whether or not it is likely to be a target of nation-state actors, now is the time to increase cyber resilience and the robustness of your default risk posture.
Organizations must start viewing the threat landscape holistically rather than as a sequence of individually targeted attacks.
The principle of zero trust or “least privilege”, for instance, should be a core part of any organization’s overall security policy and culture. We live in an age where even relatively trivial and basic settings such as DNS entries can be hijacked and used by attackers to gain access to a company’s intranet.
Zero trust is useful because when hackers do breach a network, they very rarely land in the place they intended to be, which means they often move laterally around a network until they find what they are looking for. By employing zero trust as well as other measures such as multi-factor authentication, organizations can stop these lateral movements and limit the amount of potential damage an attacker can do.
Raising staff awareness of phishing tactics should also be a bare minimum for organizations looking to minimize their exposure to threats like ransomware. These attacks leverage social engineering and are almost 100% dependent on staff overlooking minor details or being too open to persuasion.
According to reports, 91% of all successful data breaches in 2021 began with a spear phishing attempt, and 84% of those were ransomware-based.
What makes spear phishing more effective than regular phishing scams is that spear phishing is usually more sophisticated and highly targeted in nature. Whereas regular phishing will be a “shot in the dark” numbers game, hoping that some employees fall for a fraudulent email or click on a bad link, spear phishing will usually involve tailoring emails to a specific individual, leveraging any kind of intelligence to make the email seem more genuine. This makes standard automated phishing prevention tools less effective, meaning your organization needs to increase its vigilance, training and overall awareness.
While technology can evolve, becoming more accurate and efficient with each new iteration, humans and their proneness to error and misjudgment will remain constant. This is why spear phishing and social engineering are still core tactics employed by threat actors – humans will always be the weakest link in the security chain.
It’s become clear in recent years that international conflicts such as Russia’s war on Ukraine serve as an accelerant for cybercrime in general. State-sponsored attacks move the needle and often lead to new cyberattack methods, facilitating the rise of ransomware-as-a-service, which has the potential to ultimately impact every business on the planet.