HP Wolf Security released the findings of a global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation state attacks. 72% of respondents said they worry that nation state tools, techniques, and procedures (TTPs) could filter through to the dark net and be used to attack their business.
Such concerns are well-founded. In recent months, evidence has emerged that techniques deployed in the SolarWinds supply chain attack have already been adopted by ransomware gangs – a trend likely to continue.
“Tools developed by nation states have made their way onto the black market many times. An infamous example being the Eternal Blue exploit, which was used by the WannaCry hackers,” comments Ian Pratt, Global Head of Security, Personal Systems, HP.
“Now, the return on investment is strong enough to enable cybercriminal gangs to increase their level of sophistication so that they can start mimicking some of the techniques deployed by nation states too. The recent software supply chain attack launched against Kaseya customers by a ransomware gang is a good example of this. This is the first time I can recall a ransomware gang using a software supply chain attack in this way.”
“Now that a blueprint has been created for monetising such attacks, they are likely to become more widespread. Previously, an independent software vendor (ISV) with a modest-sized customer base that didn’t supply government or large enterprise may have been unlikely to become targeted as a stepping-stone in a supply chain attack. Now, ISVs of all types are very much in scope for attacks that will result in compromised software and services being used to attack their customers.”
Rising nation state attacks a major concern
Beyond the risk from cybercriminals, the survey found 58% of ITDMs are worried their business could become a direct target of a nation state attack. A further 70% believed they could end up being “collateral damage” in a cyber war.
When discussing specific concerns relating to a nation state cyberattack, sabotage of IT systems or data was the main worry, shared by 49% of respondents. Other concerns included:
- Disruption to business operations (43%)
- Theft of customer data (43%)
- Impact on revenues (42%)
- Theft of sensitive company documents (42%).
Further highlighting this risk, a recent academic study by HP Wolf Security found that the enterprise is now the number one target for nation state attacks.
As Pratt comments: “This is a very real threat that organizations need to take seriously. Whether defending against a cybercriminal gang using nation state TTPs, or a nation state itself, organizations are facing an even more determined adversary than ever before. Businesses of all sizes need to re-evaluate their approach to managing cyber risk in the face of this.
“There is no single tool or technique that will be effective, so organizations must take a more architectural approach to security. This means mitigation through robust security architectures that proactively shrink the attack surface, through fine-grained segmentation, principles of least privilege, and mandatory access control.”