Nation-State Cybercrime is Everyone’s Problem Now
Conventional military tools are no longer the only weapons of war that nations wield. Today’s conflicts also include a significant cyberattack component. The world has been shown an example of how nation-state hacking can be used against an adversary in the last few weeks. That leaves many people wondering if the cyber activity that preceded the current conflict between Russia and Ukraine is an example of what we can expect to see in the future of international conflict and how that could impact businesses.
The Guide to Reducing Insider Risk can help IT pros stop security incidents before they start! GET IT>>
Ukraine is the Second Most Attacked Country in the World
The Russia-Ukraine conflict has been heralded by a blizzard of cyberattacks, primarily waged by Russia-aligned threat actors against Ukraine. That blizzard has won Ukraine the unwelcome designation of the second most cyberattacked country in the world (the US is #1). Following an inaugural spate of cyberattacks against Ukrainian government agencies in December 2021, another flood of denial of service (DDoS) attacks was perpetrated by suspected nation-state cybercriminals associated with Russia and Belarus in January 2022, crippling the websites of Ukrainian government agencies and at least two major banks. That attack was categorized as the largest in Ukrainian history.
But they weren’t finished. ESET announced on February 23 that they’d uncovered data wiping malware at work that had allegedly been at work for months, infecting hundreds of machines. Reuters reported that a copy of the malware in question was uploaded to the crowdsourced cybersecurity site VirusTotal, giving cybersecurity professionals the opportunity to dissect it. The same day, the websites of Ukraine’s government, foreign ministry and state security service were knocked offline in a fresh onslaught of DDoS attacks that also impacted Ukraine’s parliament and multiple banks according to Ukrainian officials. The Security Service of Ukraine (SSU) reported that most of the impacted resources were restored and that no data was stolen.
The cyberattack component of this conflict is not new. Sky News offers an excellent timeline of cyberattacks believed to be launched by Russia against Ukraine leading to this point. Two power outages in Kyiv in 2015 and 2016, several incidents of disruption of government online services, probable election interference and targeting of Ukrainian military assets for intelligence purposes have all featured in the Russia-Ukraine saga since Russia annexed Crimea in 2014. Experts also agree that Russia is responsible for the legendary NotPetya malware plague, originally launched against Ukrainian companies before spiraling out of control. However, even though the cyber portion of the Russian-Ukrainian conflict has been going on for some time, the current series of events has led to unprecedented circumstances that have created heightened risk for businesses worldwide.
Be the hero that defeats a company’s security threats to declare victory over cybercriminals! GET THE GUIDE>>
Red Flags Are Flying High
The US Cybersecurity & Infrastructure Security Agency (CISA) has not equivocated about the danger that cyber activity of this sort could present to businesses outside of Ukraine. In their “Shields Up” advisory released last week, CISA identified Russia as a potential aggressor against US businesses in the nation-state cybercrime arena right now, saying that they are “mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.” The agency also issued a strong reminder to organizations that may think they’re in the clear because they don’t conduct business in Ukraine, stating “Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.” The advisory goes on to recommend that all organizations regardless of size or industry adopt a heightened cybersecurity posture. UK officials also warned UK businesses that they were at heightened risk of potential Russian-aligned cybercrime activity this week.
That CISA advisory was hot on the heels of another one that called out Russia as a potential source of cyberattacks, against US defense contractors. CISA, the US Federal Bureau of Investigation (FBI) and the US National Security Agency (NSA) issued an advisory warning that US defense contractors and the Defense Industrial Base (DIB) are at heightened risk of trouble. The advisory bluntly states that those agencies have “observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources.” Some focus areas were called out specifically including U.S. Department of Defense (DoD) and Intelligence Community contractors in command, control, communications and combat systems, intelligence, surveillance, reconnaissance, and targeting, weapons and missile development, vehicle and aircraft design and software development, data analytics, computers, and logistics.
Is someone’s behavior suspicious? Learn to spot trouble fast with 5 Red Flags That Point to a Malicious Insider at Work. DOWNLOAD IT>>
How This Cyber Activity Could Endanger Businesses Outside of Ukraine
Nation-state cybercriminals aren’t just focusing on official targets like government agencies or militaries anymore. They’ve stepped up their efforts as they branched out – nation-state cybercrime has doubled since 2017. In the most recent waves of attacks by Russia-backed threat actors, banks and other organizations outside of the “official” sphere were on the list. An estimated 90% of Advanced Persistent Threat Groups (APTs) regularly attack organizations outside of the government or critical infrastructure sectors. In fact, Enterprises are now the most common targets of state-sponsored cybercriminals.
|Targets of Nation-State Cyberattacks||% of Total|
|Cyber Defense Assets||25%|
|Media & Communications||14%|
Can you spot a phishing email? This infographic shows you how to detect one! DOWNLOAD IT>>
Danger is Headed to an Inbox Near You
How are nation-state cybercriminals most likely to attack businesses? Through spear phishing and ultimately, ransomware or other malware. Ransomware is the preferred weapon of nation-state cybercriminals. These days, they don’t even have to do the phishing themselves; it’s easy and cheap to hire freelancers or smaller cybercriminal gangs to run everything from run-of-the-mill phishing scams to sophisticated spear phishing operations in the booming Cybercrime-as-a-Service economy that thrives on the dark web.
Make Smart Security Choices Now to Avoid Trouble Later
CISA recently recommended that companies step up their security awareness training programs to combat the current tide of ransomware and phishing threats. The newly revamped BullPhish ID is the ideal choice.
- Security awareness and compliance training helps prevent expensive cybersecurity incidents and compliance failures
- Empower employees with the knowledge that they need to spot and stop the threat they see the most: phishing
- At least 4 new training videos are added every month on the latest security and compliance issues.
Stop credential compromise threats before they start by ensuring that your company isn’t going to receive a nasty surprise from the dark web with the leading dark web monitoring solution in the channel, Dark Web ID.
- 24/7/365 monitoring that you can feel confident about
- Real-time analysis alerts you to trouble fast
- Monitor business and personal credentials, domains, IP addresses and email addresses
See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Is your password compromised? Find out in seconds!
Book your demo of Dark Web ID, BullPhish ID or Graphus now!