Cloud Hosting

Russia has long been regarded as notorious for international cyber threats, and this has only accelerated during 2022, as Ukraine has received an onslaught of online attacks ahead of a physical invasion.

In todays geopolitical climate, however, theres more than one nation state player where cyber threats will emerge.

Ultimately, for Western Five Eyes organisations those in the UK, US, Australia, Canada, and New Zealand the state actors most likely deemed as threats are Russia, China, Iran and North Korea.

Whilst we often focus on the individual capabilities of states themselves, we should be reminded that many criminal organisations carry out attacks either on behalf of nation states or under the protection of them.

The aims of these malicious actors are wide-ranging from the theft of intellectual property, intelligence gathering or even the disruption of another nations critical infrastructure.

But the bottom line is they will be looking to gain an upper hand, whether to develop technology, increase their countrys financial leverage or disrupt another nations means of defending itself.

Where cyber criminal organisations are used, their aim is almost always to profit financially but a nation state may specify the targets theyll turn a blind eye to, or which should be a priority. In some cases where there are economic sanctions on the nation state, they may also demand some of the profit be redistributed to the state itself.

Whilst we often talk about large-scale cyber attacks against critical national infrastructure, we shouldnt ignore one of the most common aims of nation states in the past few years to spread misinformation.

This has recently been demonstrated as a means of disrupting the democratic process in a way that favours that state, or once again enables them to profit financially.

These types of attacks are much harder to measure in terms of the scale and impact

These types of attacks are much harder to measure in terms of the scale and impact, but we cant overlook the potential influence these assaults have had on the world over the last several years.

Large organisations considered critical national infrastructure are at risk of being targeted by state actors (often referred to as advanced persistent threats) but, as seen in recent years, any organisation can be a victim of a nation state attack even if they arent targeted.

It may be that they become collateral damage after being vulnerable to a particular attack vector that the state is using, or that part of their supply chain has been compromised.

The proliferation of tools used by criminal groups will have a big impact, not just as a result of professional attacks, but due to smaller and less skilled hackers having more accessibility to the same methods. As such, the number of organisations that might be attacked will increase.

It should be made clear theres no single biggest threat in terms of the nation state because the landscape, objectives and capabilities of each actor change so quickly.

Focusing on one single nation state when its far more likely to be attacked by a criminal organisation will only create a false sense of security. Organisations must assess their own risk against the main threat actors and, in calculating the threats, they can prioritise defences against them accordingly.

Enabling protections such as firewalls and endpoint security are key for all organisations to maintain

Getting the basics right will go a long way in creating a foundation of cyber threat protection, no matter whether thats an attack from criminals or a state. The strategy should ensure that security and IT teams patch regularly alongside good identity and password management, and configuration of endpoints and networks against best practices. Enabling protections such as firewalls and endpoint security are also key for all organisations to maintain.

Additionally, ensuring your organisation can react quickly and sensibly if its compromised is essential. This means its important to have good backups that have been tested and are resilient to malware such as ransomware, as well as implementing good incident response and crisis management procedures.

Looking ahead at the cyber threat landscape, we should expect to experience more of the same as this approach has proved highly successful. Theres no need for a nation state to reveal their capabilities, or use a capability that once revealed can no longer be used if they can continue to impact other nations by proxy through criminal cyber organisations.

Instead, they focus their attacks on things that are less obvious gaining persistent access to an organisations networks to gather intelligence or steal intellectual property for example.

Weve seen a recent increase in supply chain attacks and thats likely to increase as more organisations seek to benefit from larger offerings, whether that be software or services, as the impact of compromising a single organisation can have a much wider impact.

In particular, weve seen an increase in attacks against vulnerable infrastructure such as routers and other internet-facing infrastructure that havent been maintained or are effectively end of life. Whilst many organisations have vulnerable internet-facing infrastructure or networks that are insecure once an attacker achieves initial entry, attackers need not necessarily use their advanced capabilities.

Criminal activity by its nature seeks to exact profit and the use of cryptocurrency may help to circumvent sanctions and other restrictions

We may very well see an increase in attacks by actors associated with Russia if economic sanctions continue. Criminal activity by its nature seeks to exact profit and the use of cryptocurrency may help to circumvent sanctions and other restrictions.

Whatever the future may present, organisations must remain as vigilant, collaborative and agile as possible working as a secure unit internally and with external partners in order to protect against cyber threats from nation states and their accomplices.

This piece was written and provided bySteve Forbes, a government cyber security expert at Nominet.

Editor's Recommended Articles

Follow this link:
Protecting against cyber threats from nation states - Open Access Government