As the first half of 2022 comes to a close, cybersecurity remains a top priority around the world. From cyber tactics in play between Russia and Ukraine to new insider threat methods, developments in the cyber landscape continue to affect the global stage.
Dmitri Alperovitch, Executive Chairman at Silverado Policy Accelerator, and Sandra Joyce, Executive Vice President at Mandiant Intelligence, discussed the state of the global cyber threat landscape in a recent presentation at the RSA Conference. Among their findings, they discussed top cyber defense strategies and developments to watch in prolific threat regions.
Russia and Ukraine
"There is no bigger event today than the invasion of Ukraine by Russia in geopolitics or in cyberspace," said Alperovitch.
While the much-anticipated cyber war did not come to fruition, both Russia and Ukraine have used cyber tactics alongside physical warfare. From early cyberattacks by Russia on Ukraine governmental sites to attacks targeting Russia by Ukraine and its allies, cyberattacks and cybersecurity have played a large part in the conflict but have not replaced physical acts of war, according to Alperovitch.
China
The actions of threat actors connected to China have brought to the forefront the importance of software updates and patching, according to Joyce. APT41, a threat actor Joyce described as "prolific," targeted U.S. state governments through a zero-day vulnerability present in software used by states to track cattle health and density.
A focus on patching software is critical to avoiding future breaches. "It's time to really accelerate the patching because threat actors can act within hours," said Joyce.
She emphasized that threat prioritization can simplify this task. "It's not every patch, it's those critical patches, things that can be deployed remotely, things that are being used in the wild," said Joyce.
Iran
"When we think about Iran, we know that they are targeting the defense industrial base. We also know that they have gotten very good at social engineering through social media," said Joyce. Threat actors connected to Iran have aged social media accounts to appear legitimate, according to Joyce. Actors in Iran have also used social media and other cyberattack methods to track dissidents, targeting "professors, women's rights activists, [and] people who have a different philosophy or agenda than they have," said Joyce.
This cyber tracking has physical ramifications. "The consequences of this are not just that they know where people are," said Alperovitch. "There's an allegation that was just released... about a dissident in Turkey that has been kidnapped by the Iranian Revolutionary Guard."
North Korea
While Alperovitch and Joyce noted North Korea's relatively latent cyber activity during the COVID-19 pandemic, one aspect "that's been really interesting to watch is their attempts to infiltrate organizations remotely by trying to get hired inside of these companies, particularly in the Web3 and crypto space, where they're responding to advertisements," said Alperovitch.
This in-depth insider threat approach has often been foiled at the job interview stage, according to Alperovitch. To protect against this threat, "beef up your insider threat program and really focus on educating your HR folks and recruiters on what to look for when people are submitting resumes," said Alperovitch.