Global IT executives fear trickle-down of nation state cyberattacks

HP Wolf Security unveiled the results of a global study of 1,100 IT Decision Makers (ITDMs), which looked into their worries about growing nation-state threats. 72 per cent of respondents said they worry that nation-state tools and techniques could filter through to the darknet and be used to attack their business. Such fears, according to HP, are well-founded. In recent months, evidence has emerged that techniques deployed in the SolarWinds supply chain attack have already been adopted by ransomware gangs – a trend likely to continue.

“Tools developed by nation-states have made their way onto the black market many times. An infamous example being the Eternal Blue exploit, which was used by the WannaCry hackers,” comments Ian Pratt, global head of security, personal systems, HP. “Now, the return on investment is strong enough to enable cybercriminal gangs to increase their level of sophisticated so that they can start mimicking some of the techniques deployed by nation-states too. The recent software supply chain attack launched against Kaseya customers by a ransomware gang is a good example of this. This is the first time I can recall a ransomware gang using a software supply chain attack in this way.”

“Now that a blueprint has been created for monetising such attacks, they are likely to become more widespread. Previously, an Independent Software Vendor (ISV) with a modest-sized customer base that didn’t supply government or large enterprise may have been unlikely to become targeted as a stepping-stone in a supply chain attack. Now, ISVs of all types are very much in scope for attacks that will result in compromised software and services being used to attack their customers.”

Read: Web application exploits – ‘biggest cybersecurity risk’: Report

Beyond hackers, the study revealed that more than half (58 per cent) of ITDMs are concerned that their company would be a direct target of a nation-state assault. Another 70 per cent said they would become “collateral damage” in a cyber conflict. When it came to particular worries about a nation-state cyber-attack, sabotage of IT systems or data was the most common concern, expressed by nearly half of those polled (49 per cent). Other issues to consider were: disruption to business operations (43 per cent), theft of customer data (43 per cent), impact on revenues (42 per cent) and, theft of sensitive company documents (42 per cent).

Further highlighting this risk, a recently commissioned academic study by HP Wolf Security – Nation States, Cyberconflict and the Web of Profit – found that the enterprise is now the number one target for nation-state attacks. As Pratt comments: “This is a very real threat that organisations need to take seriously. Whether defending against a cybercriminal gang using nation-state tools and techniques, or a nation-state itself, organisations are facing an even more determined adversary than ever before. Businesses of all sizes need to re-evaluate their approach to managing cyber risk in the face of this. There is no single tool or technique that will be effective, so organisations must take a more architectural approach to security. This means mitigation through robust security architectures that proactively shrink the attack surface, through fine-grained segmentation, principles of least privilege, and mandatory access control.”

Read: The rising cost of cybercrime: Why businesses must invest in cybersecurity