State-Sponsored Cyber Attacks: The Modus Operandi and How to Protect your Enterprises from such Threats

“Disturbing” Rise in Nation-State Cyberattacks

Microsoft’s 2022 Microsoft Digital Defence Report focuses on the rise in nation-state-sponsored cyberattacks. Threat actors from North Korea, Iran, Russia, China and other countries engage in ransomware, business email compromise, cryptocurrency theft, cyber-espionage, hack-and-leak operations and other types of attacks, and such activity has surged over the last year. Driven largely by Russian attacks on Ukraine, the share of nation-state attacks aimed at critical infrastructure rose from 20% to 40%.

The main targets of nation-state-sponsored attacks include government departments, critical infrastructure, major IT companies, think tanks and NGOs. In 2022, most of these attacks targeted entities in the U.S., U.K., Canada, Germany, UAE, Israel, India, Japan and Switzerland.

State-sponsored actors pursue criminal, geopolitical and financial ends, and their attacks are often an extended front of warfare. They inflict economic harm and put lives at risk. More importantly, they undermine the trust on which an open Internet depends. Conventional cyber security measures alone cannot stop such aggressive and sophisticated threats.

A rundown of the recent state-sponsored attacks

The most high-profile state-sponsored attack in recent times was the compromise of SolarWinds. The attackers breached the company’s build infrastructure and slipped a backdoor into an update of its Orion product. More than 18,000 customers, including several U.S. government agencies, installed the trojanised update. The intrusion began in September 2019 but came to light only in December 2020. The attack not only raised the prospect of data theft and espionage but also showed how a software supply chain attack could cripple industries and damage economies. The U.S. government attributed the operation to Russia’s foreign intelligence service (SVR); a separate Reuters report said suspected Chinese hackers had exploited a different SolarWinds flaw to spy on a U.S. payroll agency.

Another recent flashpoint is the relentless cyber-attacks on Ukrainian government institutions. While Ukraine has been resilient in recovering from successful attacks, the constant barrage remains a sore point and disrupts the services that depend on the Internet.

A large part of the nation-state-sponsored cyber-attacks is for espionage and surveillance purposes. Of late, nation-state actors have also started weaponising cyber attacks to spread destruction. A case in point is Iranian attackers setting off emergency rocket sirens in Israel. Iranian actors have also been engaging in destructive ransomware attacks. The victims face a double whammy of losing the ransom and not receiving the keys to retrieve their data even when the victims pay up the ransom. Iranian attackers have also targeted U.S. critical infrastructure targets such as port authorities. In September 2022, the Albanian government cut diplomatic ties with Iran following a July 15 ransomware attack that shut down several Albanian government services and websites.

During the first half of 2022, North Korea’s attackers launched several attacks worldwide to steal technology from aerospace companies and researchers. One enterprising actor tried to infiltrate global news organisations to influence public opinion and perception. Others made several attempts at cryptocurrency firms to steal funds to support the country’s struggling economy.

In 2022, India bore the brunt of several attacks on government agencies and healthcare establishments such as AIIMS. Rogue actors from Malaysia and Chinese threat actors were behind many of these attacks.

Such attacks succeed so often because of the poor cyber hygiene of most companies and government entities. 92% of the victims of these attacks did not have robust data loss protection measures, and 84% had not integrated their multi-cloud environments into security operations.

The global response

There is a pressing need to strengthen cyber security surrounding digital processes. But preventing cyber attacks, especially state-sponsored ones, is now beyond any enterprise’s scope. The onus is on nation-states to stop the proliferation of malicious tools and software. 

An effective fight back against the menace of state-sponsored attacks requires countermeasures at the global level, and there is a growing recognition that such a concerted effort is needed.

The United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security acknowledged the dangerous implications of nation-state supply chain attacks as early as 2015. Its report asked states to ensure supply chain integrity in order to preserve confidence in information and communication technology products.

The 2018 Paris Call for Trust and Security in Cyberspace also acknowledges the importance of supply chain security. The Call stressed the need for cooperative measures to thwart the proliferation of malicious tools and practices, and its signatories committed to working together to promote a safe and secure cyberspace for all.


The countermeasures

While nation-states get their act together, individuals and enterprises can do their part to protect their networks. Enterprises that keep their systems secure avoid becoming unwitting victims of state-sponsored attacks.

Get the basics right.

The first step is to get the basics of security right. Multi-factor authentication, zero-trust architecture, endpoint detection and response (EDR), and data protection measures thwart most attacks.

System updates

System upgrades and updates are essential to plug vulnerabilities and keep attackers at bay. But attackers have been using this very mechanism to gain entry: fake updates pushed by rogue actors, and trojanised genuine ones as in the SolarWinds case, mean an update cannot be trusted simply because it arrives.

The onus is on the enterprise to deliver genuine updates through authenticated channels (signed packages fetched from the vendor’s own distribution points, with the signature checked before anything is installed) and to educate users on how to spot fake update prompts.
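What "an authenticated channel" means in practice is shown by the following Go program, an added example that is not code from this article or from any vendor it names. The vendor's release server signs a small manifest (product, version, SHA-256 of the installer) with an Ed25519 key; the client pins the vendor's public key and installs only if the manifest signature verifies and the downloaded bytes hash to the digest the signed manifest names. The product name ExampleAgent, the manifest layout and the installer bytes are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is the hypothetical metadata an update channel publishes alongside
// an installer: product, version and the SHA-256 digest of the installer bytes.
type Manifest struct {
	Product string
	Version string
	SHA256  string // hex-encoded digest of the installer payload
}

// encode serialises the manifest in a fixed form so the signature covers
// every field; changing any field invalidates the signature.
func (m Manifest) encode() []byte {
	return []byte("product=" + m.Product + "\nversion=" + m.Version + "\nsha256=" + m.SHA256 + "\n")
}

// GenerateVendorKey creates the vendor's Ed25519 signing key pair. The public
// half is what clients pin; the private half stays on the release server.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// ManifestFor builds the manifest the vendor publishes for a given installer.
func ManifestFor(product, version string, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	return Manifest{Product: product, Version: version, SHA256: hex.EncodeToString(sum[:])}
}

// SignManifest is the vendor side: the release server signs the manifest.
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.encode())
}

// VerifyUpdate is the client side. The installer is accepted only if
//  1. the manifest signature verifies under the pinned vendor public key, and
//  2. the installer bytes hash to the digest named in that signed manifest.
// A spoofed manifest, a swapped installer or an unknown signer is rejected
// before the installer is ever executed.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig, payload []byte) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("pinned public key has the wrong size")
	}
	if !ed25519.Verify(pub, m.encode(), sig) {
		return errors.New("manifest signature invalid: not signed by the pinned vendor key")
	}
	want, err := hex.DecodeString(m.SHA256)
	if err != nil || len(want) != sha256.Size {
		return errors.New("signed manifest carries a malformed digest")
	}
	got := sha256.Sum256(payload)
	if subtle.ConstantTimeCompare(got[:], want) != 1 {
		return errors.New("installer digest does not match the signed manifest")
	}
	return nil
}

func main() {
	pub, priv, err := GenerateVendorKey()
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for the installer bytes; a real client would read the file it downloaded.
	installer := []byte("constructed installer payload for ExampleAgent 2.1.0")
	m := ManifestFor("ExampleAgent", "2.1.0", installer)
	sig := SignManifest(priv, m)

	fmt.Println("genuine update:   ", VerifyUpdate(pub, m, sig, installer))
	fmt.Println("swapped installer:", VerifyUpdate(pub, m, sig, []byte("trojanised payload")))
	rogue := m
	rogue.Version = "9.9.9"
	fmt.Println("edited manifest:  ", VerifyUpdate(pub, rogue, sig, installer))
}
```

A check like this defeats fake updates served from rogue sites and tampering in transit, because nobody without the vendor's private key can produce a manifest the client will accept. It does not defeat the SolarWinds pattern, where the vendor's own build system was compromised and the trojanised Orion update carried a valid SolarWinds signature. Against that class the controls sit elsewhere: hardened and attested build pipelines on the vendor side, and least privilege for the updated component plus monitoring for anomalous behaviour after updates on the consumer side.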

Migrate to the cloud.

Until not too long ago, most enterprises considered cloud security a weak point and one of the factors that inhibited cloud migration. But cloud security has come a long way. Cloud subscribers now benefit from mature security technology and broad visibility into their environments to defend against advanced attacks. Ukraine’s resilience against relentless cyber attacks owes much to having moved government data and services to the cloud; that migration also protected those assets from physical attacks on data centres in the country.

But state-sponsored attacks are going to get worse. Experts believe that the next targets for these threat actors are cloud services. Enterprises need to take their cloud security more seriously than before. 

Threat intelligence sharing

Cyber security experts use threat intelligence sharing to gauge threats and strengthen security.

Early disclosure and information sharing increase transparency of nation-state activity. This becomes the stepping stone to further global dialogue to protect the Internet. Elevating attention raises awareness among enterprises and prompts them to take actionable countermeasures.

Ukraine’s robust communication system involving the government, CERT and the private sector ensured resilience. It enabled speedy recovery from crippling attacks. 

Attacks on the availability and integrity of online data and services highlight the need for constant vigilance and sustained effort to protect networks. Governments need to regulate behaviour in cyberspace and enforce accountability. Individuals and enterprises need to keep abreast of the innovations that will thwart the latest threats.
