HP Wolf Security released the findings of a global survey of 1,100 IT Decision Makers (ITDMs), examining their concerns around rising Nation State attacks: 72% of respondents said they worry that nation-state tools, techniques, and procedures (TTP) could filter through to the dark net and be used to attack their business. According to HP, such concerns are well-founded. In recent months, evidence has emerged that techniques deployed in the SolarWinds supply chain attack have already been adopted by ransomware gangs – a trend likely to continue.
“Tools developed by nation-states have made their way onto the black market many times. An infamous example being the Eternal Blue exploit, which was used by the WannaCry hackers,” comments Ian Pratt, Global Head of Security, Personal Systems, HP Inc. “Now, the return on investment is strong enough to enable cybercriminal gangs to increase their level of sophisticated so that they can start mimicking some of the techniques deployed by nation-states too. The recent software supply chain attack launched against Kaseya customers by a ransomware gang is a good example. This is the first time I can recall a ransomware gang using a software supply chain attack in this way.”
“Now that a blueprint has been created for monetizing such attacks, they are likely to become more widespread. Previously, an Independent Software Vendor (ISV) with a modest-sized customer base that didn’t supply government or large Enterprise may have been unlikely to become targeted as a stepping-stone in a supply chain attack. Now, ISVs of all types are very much in scope for attacks that will result in compromised software and services being used to attack their customers.”
Beyond the risk from cybercriminals, the survey found that more than half (58%) of ITDMs are worried their business could become a direct target of a nation-state attack. A further 70% believed they could end up being “collateral damage” in a cyberwar. When discussing specific concerns relating to a nation-state cyber-attack, sabotage of IT systems or data was the main worry, shared by almost half of respondents (49%). Other concerns included:
· Disruption to business operations (43%)
· Theft of customer data (43%)
· Impact on revenues (42%)
· Theft of sensitive company documents (42%).
Further highlighting this risk, a recently commissioned academic study by HP Wolf Security – Nation States, Cyberconflict and the Web of Profit – found that the Enterprise is now the number one target for nation-state attacks. As Pratt comments: “This is a very real threat that organizations need to take seriously. Whether defending against a cybercriminal gang using nation-state TTP, or a nation-state itself, organizations are facing an even more determined adversary than ever before. Businesses of all sizes need to re-evaluate their approach to managing cyber risk in the face of this. There is no single tool or technique that will be effective, so organizations must take a more architectural approach to security. This means mitigation through robust security architectures that proactively shrink the attack surface, through fine-grained segmentation, principles of least privilege, and mandatory access control.”
Nation States, Cyberconflict and the Web of Profit is available to download here.