State-sponsored hackers consistently stay one step ahead in cybersecurity conflicts
In a world where the lines between criminal hacking groups and nation-states are becoming increasingly blurred, discerning between a pure nation-state attack and a proxy attack is no easy feat. According to recent research from Vanson Bourne, Trellix, and the Center for Strategic and International Studies, nation-state threat actors are targeting organizations with growing persistence and a mission-oriented focus, making them difficult to defend against.
The study, based on a survey of 800 IT decision-makers across the U.S., Australia, France, Germany, India, Japan, and the U.K. during November and December 2021, reveals that 86% of respondents believe their organizations have been targeted by a nation-state threat actor. Three-quarters of them suspect a nation-state actor targeted their organizations in the 18 months prior to the study, but only one-third have a high degree of certainty.
The increased threat of attacks linked to Russia's war in Ukraine has kept critical infrastructure providers on high alert for months. The FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency have repeatedly warned critical infrastructure providers about the risk of ransomware or state-sponsored attacks against energy, telecom, or other sensitive targets in the U.S. or among NATO allies.
The research indicates that nation-state threat actors, unlike their criminal counterparts, are not motivated by financial gain and have a great deal of sophisticated resources and patience. As seen during the SolarWinds attack, blamed on Russia, these actors can lurk inside a compromised network for months without detection.
Allie Mellen, analyst at Forrester, emphasises this point, stating that nation-state threat actors are persistent and mission-oriented, making them difficult to defend against. Lisa Monaco, deputy attorney general at the U.S. Department of Justice, also highlights the growing collaboration between criminal hacking groups and nation-states, making it harder to discern between a pure nation-state attack and a proxy attack.
Perpetrators of nation-state attacks can mask their origin, providing a level of deniability. This, coupled with the sophistication and persistence of these attacks, creates a significant gap between the risk posed by nation-state threat actors and the ability of organizations to defend against them.
Corporate stakeholders are increasingly concerned about understanding the risk calculus of their technology stacks, addressing the question: Are we a target? Many IT security leaders have high confidence in their ability to trace the source of an attack, but data reveals this confidence may be misplaced.
In light of these findings, the evolving role of CISOs involves better understanding the risk presented by nation-state threat actors to their organizations. Moreover, 9 in 10 respondents expressed a desire for governments to provide additional support to protect critical infrastructure.
The nation most likely responsible for the majority of recent attacks targeting critical infrastructure in the USA and other NATO allies over the past 18 months is Russia. However, the blurred lines between nation-states and threat actors operating on their behalf make attribution a complex and challenging task.
In conclusion, the increasing sophistication and persistence of nation-state threat actors pose a significant risk to global infrastructure. As the lines between nation-states and their proxy actors continue to blur, it is crucial for organizations to adapt their defences and for governments to provide additional support to protect critical infrastructure.