Cyberwar Between Nation-States Damages Business

Businesses risk becoming “collateral damage” in nation-state cyber wars, acording to the lastest threat report from the experts at Crowdstrike
 
Revelations that North Korea is using “widespread and increasingly sophisticated” cyber-attacks to steal money highlight the risk of collateral damage from nation-state attacks, with one security expert warning that businesses are so highly interconnected that they run the risk of becoming targets if they don’t co-ordinate cybersecurity defence with partners and other stakeholders.
 
A confidential United Nations report suggested that North Korea has managed to steal up to $US2 billion ($A2.9b) to fund its military development by leaning on “widespread and increasingly sophisticated” cyber-attacks.
 
Those attacks, which targeted more than 35 banks and crypto-currency exchanges in 17 countries, highlighted the increasingly volatile state of nation-state attacks, which run the increasing risk of affecting connected but unrelated organisations.
 
“You don’t want to be the splash-back from an attack on somebody else,” Shawn Henry, a former FBI agent who now serves as president and CSO of CrowdStrike Services, recently told CSO Australia. “But because all of the networks are connected, the danger is very high for that to happen.”
 
That risk had also elevated because “much more brazen” adversaries “either are not afraid of being detected, or don’t think they are going to be detected,” he said. “And even if they are detected, they don’t believe there is going to be any type of retribution or accountability.”
 
This attitude had increased the present danger from nation-state attacks, in which a growing climate of often below-the-radar hacking had created a potentially disastrous new threat for both government bodies and corporations brimming with personal or commercially sensitive information.
 
Malicious organisations were being uncovered within governments around the world and, the recent CrowdStrike Global Threat Report   revealed, have resulted in average breakout times as low as 19 minutes for Russia-affiliated cybercriminals.
That’s just 19 minutes between initial compromise and lateral movement within a target network, putting additional pressure on CSOs to implement effective detection and response measures.
 
Highlights from the 2019 CrowdStrike Global Threat Report 
CrowdStrike dives deeply into the data to show attackers most favored TTPs of 2018 through the lens of MITRE ATT&CK™ framework.  
 
• Updates on global “breakout” time statistics, including observations on which adversaries showed the fastest tradecraft in 2018.
• No respite from nation-state threats: Nation-state adversaries were continuously active throughout 2018, targeting dissidents, regional adversaries and foreign powers to collect intelligence for decision-makers.
• The continued rise of “Big Game Hunting”, where cyber criminals combine advanced, targeted attack techniques with ransomware to achieve massive financial payoffs.
• The eCrime ecosystem continues to evolve and mature, showing increased collaborations between highly sophisticated criminal actors.
 
That pressure is further increased given that attack techniques were being adapted to reflect the relative vulnerability profiles of different regions. Malware, registry run keys and command line interface attacks, for example, were the most common attack vectors in the Indo-Pacific region. By contrast, malware constituted more than 75 percent of the attacks on Latin American targets and scripting was used in well over half of attacks on EMEA organisations.
 
These variations meant that there was no one-size-fits-all solution for detecting and managing such attacks, which get even harder to detect when cautious attackers ‘live off the land’ by relying on built-in system tools, such as PowerShell and JavaScript, whose very presence won’t set off red flags. Once the target is compromised, human attackers can take the controls to explore and target data to be exfiltrated.
 
“From what we have seen in the last two years or so, the adversary’s capability moved beyond malware to signature-less attacks where they use existing capabilities in the operating systems to move in the environment undetected,” Henry said.
 
Yet many organisations “are still asleep at the switch,” he added. “I see a lot of boards and CEOs who are very attentive and have a sense of urgency and understand the business risk, but I still bump into organisations that have a laissez-faire attitude about cyber-security and feel that they will deal with it if it happens....That type of attitude is just not acceptable.”
 
Those with such attitudes will be particularly held to account once they suffer a public breach at the hands of nation-state attackers who, despite diplomatic assertions to the contrary, continue to double down on their attack efforts and are rapidly changing both the tactics they use and their intensity.
 
Those changing tactics “have really made some significant changes in the whole ecosystem,” Henry said, “and organisations need to be protected in a way that is fundamentally different from what they have done historically.”
 
“There is the potential for things to escalate beyond proportionality, and we have to start a broader discussion about this if we
are going to curtail the use of what many experts say are a devastating and potentially existential deployment of weapons.”
 
Crowdstrike:       CSO:         
 
You Might Also Read: 
 
Shockwave - A Global Transformation In Warfare:
 
 
 
« Home Working Can Often Be A Security Threat
Over 60% of Enterprises Fail to Build Effective Cloud Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DCL Search & Select

DCL Search & Select

DCL Search & Selection connect candidates to the best companies in the IT Security, Telco, UC, Outsourcing, ERP, Audit & Control markets.

LRQA Nettitude

LRQA Nettitude

LRQA Nettitude is an award-winning global provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace.

Stealthbits Technologies

Stealthbits Technologies

Stealthbits Technologies is a cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data.

Protectimus

Protectimus

Affordable two factor authentication (2FA) provider. Protect your data from theft with multi factor authentication service from Protectimus.

RCMP National Cybercrime Coordination Unit (NC3)

RCMP National Cybercrime Coordination Unit (NC3)

As set out in the Government of Canada's National Cyber Security Strategy, the RCMP has established the National Cybercrime Coordination Unit (NC3).

Cynamics

Cynamics

Cynamics is the only network monitoring solution built specifically for Smart City, Public Safety and Critical Infrastructure networks.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Clario Tech

Clario Tech

Clario is a simple, comprehensive, personalized protection app. It comes with a full suite of intelligent security software and intelligent people to help you live a better, safer digital life.

Quantinuum

Quantinuum

Quantinuum is the combination of Cambridge Quantum with Honeywell Quantum Solutions, structured to drive the future of quantum computing.

Ridge Canada Cyber Solutions

Ridge Canada Cyber Solutions

Ridge Canada helps insurance brokers and insurance buyers understand, evaluate, and secure cyber coverage that is tailored to their business.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

Hubify

Hubify

Hubify is an experienced, service-driven technology company specialising in business connectivity across mobile, data, voice, cloud, & cyber security solutions.

Atomic Data

Atomic Data

Atomic Data is an on-demand, always-on, pay-as-you-go expert extension of your enterprise IT team and infrastructure.

Kirk ISS

Kirk ISS

Kirk ISS are the leading provider of IT services in the Cayman Islands. We offer best-in class hardware, software, communications and cloud computing, all backed by professional services support.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Scality

Scality

Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.