One study of 800 global IT decision makers has unveiled that only strong government support could level the cyber disparity.
A recent global cybersecurity report has found Russia and China to be among the most likely suspects of successful cyberattacks resulting in data loss, service disruption, and industrial espionage, which led to significant costs to the organizations attacked.
Based on a survey of 800 IT decisions makers in Australia, France, Germany, India, Japan, the United Kingdom and the United States, the report commissioned by Trellix involving the non-profit research agency, Center for Strategic and International Studies (CSIS), highlights the volume and severity of nation-state cyberattacks as a substantial problem for the international community.
Unlike typical cybercriminals, state-sponsored malicious actors focus on conducting intelligence operations to gain intellectual property and data to serve an economic or military goal, while also leaving backdoors in organization infrastructure for reentry.
Three key aspects of such advanced persistent threats (APTs) covered in the report include:
- Organization risk. Some 92% of respondents had faced or suspected they had faced a (multi)-nation-state cyberattack in the last 18 months or expected to face one in the future. However, most respondents struggle to confidently and accurately determine if a cyberattack is linked to a nation-state given technical challenges and the efforts hackers go to hide their identity. With the average nation-state-backed cyberattack costing an estimated US$1.6m per incident, 10% of organizations surveyed did not have a cybersecurity strategy.
- Consumer impact. During an APT attack,some33% of respondents reached out to their customers (46%) or employees (40%) to disclose the incident where personally identifiable information had been impacted.
- Government guidance. The report found 92% of respondents willing to share information about an attack, but not always the full details. Overall, organizations in the report were looking to the government for guidance into how they can protect themselves while being hindered by a lack of breach disclosures. Also, 90% of respondents thought the government should do more to support and protect critical infrastructure from cyberattacks. In the US, programs like the Cyber Safety Review Board, CISA’s Shield Up and the White House’s new Office of the National Cyber Director are examples of programs to help the private sector protect critical infrastructure.
According to CSIS’ James Lewis, Senior Vice President and Director, Strategic Technologies Program: “(APTs) and their criminal proxies are some of the most dangerous cyberattackers because they are capable, best resourced and extremely persistent. It’s not surprising that nation states, particularly China and Russia, are behind many of the cyberattacks organizations experience: What is surprising is that 86% of respondents in this survey believed they had been targeted by a group acting on behalf of a nation-state, and only 27% were completely confident in their organization’s ability to recognize such an attack in contrast to other cyberattacks.”
Meanwhile, Trellix has announced with a “medium confidence” level that APT group Nomad Panda (also known as RedFoxtrot) has been leveraging a new variant of the PlugX malware named “Talisman”. This
variant has been used to target defense and telecommunications entities across South Asia, likely to advance China’s Belt and Road initiative.
Said the firm’s CEO Bryan Palma: “As geopolitical tensions rise, the likelihood of state-sponsored cyberattacks rises as well. Cybersecurity talent shortages; outdated IT infrastructure; and remote work are the greatest challenges in today’s operating environment.”
Palma urged organizations to improve their defense against such “increasingly sophisticated attacks.”