The Evolution of Nation-State Cybercrime
You may have heard this term more frequently in the last year. In this post we’ll explain the basics of Nation-State Cybercrime and how it affects your business.
In the past this was only a matter of National Security, but Nation-State cybercrime has evolved to include all businesses as a potential target.
No longer confined to espionage, cyber criminals are expanding their work to disrupting supply chains, extortion, misinformation, and disabling infrastructure. 90% of nation-state cyber criminals regularly attack organizations in the private sector.
Microsoft defines nation-state cybercrime as malicious cyberattacks that originate from a particular country to further that country’s interests. A few other key words you might hear concerning nation-state cybercrime include:
Nation-State Threat Actor – Nation-state threat actors are people or groups who use their technology skills to facilitate hacking, sabotage, theft, misinformation and other operations on behalf of a country. Threat actor types include cyber criminals, hacktivists, state-sponsored hackers (arguably the most dangerous type), script kiddies, and disgruntled employees. In September of 2017, Equifax Inc. was the target of a cybersecurity breach involving Chinese hackers who managed to stay in the Equifax system for approximately 134 days before being detected. Nine in 10 (86%) organizations believe they have been targeted by a nation-state threat actor, with ransomware being the preferred weapon in those attacks.
Advanced Persistent Threat (APT) – These are nationalist cybercrime outfits with sophisticated levels of expertise and significant resources that work to achieve the goals of the government that supports them, undertaking defined operations with specific goals that forward the objectives of their country. APTs have expanded their scope of attack, hitting businesses that weren’t thought to be in danger of that kind of threat in the past. APT 41 or “Winnti” – which also goes by affiliate names BARIUM and Blackfly – remains one of the most prolific and successful Chinese state-sponsored threat groups. This cyber espionage campaign had been operating undetected since early 2019 and was finally discovered in April 2021. The FBI estimated in its report that the annual cost to the U.S. economy of counterfeit goods, pirated software, and theft of trade secrets is between $225 billion and $600 billion. The “big 4” sponsors of APTs are Russia, China, North Korea and Iran.
Infrastructure Attack – When nation-state actors conduct an infrastructure attack, they’re attempting to damage one of their country’s adversaries by disrupting critical services like power, water, transportation, internet access, medical care and other essential requirements for daily life. Infrastructure attacks are a major component of modern spycraft and warfare. In 2021, Colonial Pipeline made news with its devastating hit. This was a prime example of ransomware targeting a critical infrastructure industry. This ransomware attack halted all pipeline operations and the company ended up paying 75 bitcoin or $4.4 million to the hacker group in order to restore their systems.
There are many ways nation-state threat actors can inflict damage. Threat actors are constantly seeking new ways to obtain information, strike targets and make money. A few of these methods include phishing, malware, ransomware, distributed denial of service (DDoS), and backdoor attacks.
The U.S. Department of State cites “Vulnerabilities in technology and lack of sufficient attention to security by users provide cybercriminals with low-risk, high-reward opportunities for illicit gain, often enabled by insufficient regulation and weak enforcement by nation-states.” This means every business today needs to take steps to increase their cybersecurity to prevent being infiltrated by these threat actors.
Nation-state cybercrime involves multi-faceted attacks, and defenses must incorporate multiple security tools and techniques. These include:
- Email filtering — most attacks leverage phishing to gain initial access. Filtering emails, and blocking malicious links or attachments within emails, can stop these penetration attempts.
- Endpoint protection — all APT attacks involve takeover of endpoint devices. Advanced anti-malware protection and Endpoint Detection and Response can help identify and react to compromise of an endpoint by APT actors.
- Access control — strong authentication measures and close management of user accounts, with a special focus on privileged accounts, can reduce the risks of infiltration.
- Monitoring of traffic, user and entity behavior — can help identify penetrations, lateral movement and exfiltration at different stages of a cyber attack.
CloudSmart IT has taken all necessary precautions to protect small to mid-sized businesses from cyber threats. With the latest in email encryption, password protection, backup internet connection, cloud storage or network security, our highly trusted managed services assure you that the latest in cyber threats is no match for our top-notch security. We make setup and integrations easy and efficient! CloudSmart IT has the expertise and resources your business needs to stay cybersecure in a menacing and unrelenting cybercrime-filled world. Contact us today and find out how our cybersecurity services can keep your business secured and out of the wrong hands.
Book a free Virtual Network Assessment to find out how protected your business is (or isn’t!). We’ll also look for any deficiencies in your network and set you up with a plan to keep you and your employees safe, including our weekly cybersecurity training videos and emails.