9 in 10 Organizations Have Been Targeted by Nation-State Cybercrime
Nation-State Cybercrime is a Growing Threat. Are You Ready for It?
Nation-state cybercrime has been at the forefront of tech news thanks to an unprecedented amount of activity spurred by Russia’s invasion of Ukraine. But while it may be getting more headlines lately, it’s been a major threat to businesses for years, and that threat is escalating. Nation-state cybercriminals have steadily increased their scope of work, putting organizations in every sector in danger of a nation-state attack. A recent study by Trellix and the Center for Strategic and International Studies (CSIS) revealed that nearly nine in 10 (86%) organizations believe they have been targeted by a nation-state threat actor.
Excerpted in part from our eBook How Nation-State Cybercrime Affects Your Business DOWNLOAD IT>>
Where Are Nation-State Threats Coming From?
Many of the surveyed companies suspect that specific state-aligned groups of threat actors are behind the threats they’ve encountered, but they don’t feel confident in their ability to make that determination. Only 27% of survey respondents felt like they could accurately determine whether or not a cyberattack has nation-state origins. How are nation-state cybercriminals most likely to attack businesses? Through spear phishing and ultimately, ransomware or other malware. Ransomware is the preferred weapon of nation-state cybercriminals.
The majority of those hazarding a guess landed on Russia (39%) and China (35%) as the most likely perpetrators of the attacks that they experienced. They also see Russia and China as the most likely points of origin for nation-state attacks that threaten their organization in the next 18 months. If the pattern of nation-state attacks in 2022 follows the lines of nation-state cybercrime in 2021, that’s a pretty fair assessment.
Learn 5 red flags that could indicate a malicious insider is at work in your organization! DOWNLOAD INFOGRAPHIC>>
The Players on the Scene
Many nations around the world are involved in nation-state cybercrime to further their political, ideological or financial goals. Sometimes, it’s a combination of all of those reasons that spurs nation-state action. These facts about countries that are active in the nation-state cybercrime space offer a quick overview of the ecosystem and how it impacts business risk.
In the 2021 Microsoft Digital Defense Report, the company shared valuable insight on the activities of nation-state cybercriminals in 2021 and how their attack patterns are evolving.
- 58% of all nation-state attacks in the last year were launched by Russian nation-state actors
- Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021
- After Russia, the largest volume of attacks observed came from North Korea, Iran and China; South Korea, Turkey (a new entrant) and Vietnam were also active but represent much less volume.
- 21% of attacks observed across nation-state actors targeted consumers
- 79% of attacks observed across nation-state actors targeted enterprises
Get a step-by-step guide to building an effective security and phishing awareness training program. GET GUIDE>>
The Field is Crowded
The International Institute for Strategic Studies classified the strategic or nation-state cyber capabilities of 15 countries and published its findings in the whitepaper Cyber Capabilities and National Power: A Net Assessment. The countries were ranked based on their proficiency in key areas and their development of effective technology that facilitates nation-state cyber activity. The “big 4” sponsors of nation-state cybercrime groups are Russia, China, North Korea and Iran.
Tier 1: The United States
Tier 2: Australia, Canada, China, France, Israel, Russia and the United Kingdom
Tier 3: India, Indonesia, Iran, Japan, Malaysia, North Korea, and Vietnam
Is it time to update your security awareness training policy – or create one? These 6 tips can help! DOWNLOAD NOW>>
Examples of Nation-State Cyberattacks Directly Impacting Businesses
The Center for International and Strategic Studies has an excellent breakdown on recent notable nation-state cybercrime activity that impacted private industry.
March 2022. An attack on a satellite broadband service run by the American company Viasat disrupted internet service across Europe, impacting Ukrainian military communications at the start of the Russian invasion. The attackers hacked satellite modems belonging to thousands of Europeans to disrupt the company’s service.
February 2022. Researchers identified campaigns by two North Korean government-backed groups targeting employees across numerous media, fintech and software companies. The hackers used phishing emails advertising fake job opportunities and exploited a vulnerability in Google Chrome to compromise the companies’ websites and spread malware.
February 2022. In the days before Russian troops invaded Ukraine, Russian threat actors distributed data-wiping malware to one Ukrainian financial institution and two government contractors. A DDoS attack also knocked Ukraine’s two largest banks offline. At the same time, nation-state actors conducted a misinformation effort during which Ukrainian citizens received spam text messages claiming that ATMs were not working.
February 2022. Multiple oil terminals in some of Europe’s biggest ports across Belgium and Germany fell victim to a cyberattack, rendering them unable to process incoming barges. A ransomware strain associated with a Russian-speaking hacking group was used to disrupt the ability of energy companies to process payments.
Stop cyberattacks & save money: See why security awareness training is your best investment. DOWNLOAD NOW>>
February 2022. An investigation led by Mandiant discovered that hackers linked to the Chinese-government compromised email accounts belonging to Wall Street Journal journalists. The hackers allegedly surveilled and exfiltrated data from the newspaper for over two years beginning in at least February 2020.
February 2022. A U.N. report claimed that North Korea hackers stole more than $50 million between 2020 and mid-2021 from three cryptocurrency exchanges. The report also added that in 2021 that amount likely increased, as the DPRK launched 7 attacks on cryptocurrency platforms to help fund their nuclear program in the face of a significant sanctions regime. North Korea pulled in an estimated $1 billion in revenue from nation-state cybercrime in 2021.
January 2022. A Chinese hacking group breached several German pharma and tech firms. According to the German government, the hack into the networks of service providers and companies was primarily an attempt to steal intellectual property.
October 2021. A US company announced that the Russian Foreign Intelligence Service (SVR) launched a campaign targeting resellers and other technology service providers that customize, deploy and manage cloud services.
Be the hero that defeats a company’s security threats to declare victory over cybercriminals! GET THE GUIDE>>
High-Risk Sectors
A study by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and sponsored by HP, Nation States, Cyberconflict and the Web of Profit shows that nation-state cybercrime risk is growing fast. The researchers’ analysis of over 200 cybersecurity incidents associated with nation-state threat actors since 2009 also shows the shift in their targeting to become a serious threat to businesses. Enterprise is now the most common target of state-sponsored cybercriminals, beating out government-associated targets by a substantial margin.
| Targets of Nation-State Cyberattacks | % of Total |
| Enterprises | 35% |
| Cyber Defense Assets | 25% |
| Media & Communications | 14% |
| Government Bodies | 12% |
| Critical Infrastructure | 10% |
Source: Dr. Mike McGuire and HP, Nation States, Cyberconflict and the Web of Profit
The Guide to Reducing Insider Risk can help IT pros stop security incidents before they start! GET IT>>
Put the Right Solutions to Work for You to Avoid Nation-State Trouble
Step up your security awareness training program to create a powerful defense against all kinds of cyberattacks, even nation-state attacks. The newly revamped BullPhish ID is the ideal choice.
- Security awareness and compliance training helps prevent expensive cybersecurity incidents and compliance failures
- Empower employees with the knowledge that they need to spot and stop the threat they see the most: phishing
- At least 4 new training videos are added every month on the latest security and compliance issues.
Stop credential compromise threats before they start by ensuring that your company isn’t going to receive a nasty surprise from the dark web with the leading dark web monitoring solution in the channel, Dark Web ID.
- 24/7/365 monitoring that you can feel confident about
- Real-time analysis alerts you to trouble fast
- Monitor business and personal credentials, domains, IP addresses and email addresses
Don’t just take our word for it, see what these customers have to say: https://www.idagent.com/case-studies/
Get ready to pack your bags for Connect IT 2022! Join us June 20-23 in Las Vegas for the industry’s premier event! REGISTER NOW>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>
See Graphus in action in an on-demand video demo WATCH NOW>>
Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!