Dec 28, 2021

Global Cyberattacks from Nation-State Actors Posing Greater Threats

Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. 
The macro-trend I’m most alarmed by today is the fact that attackers don’t seem to care about getting caught anymore. We have seen an increase in temerity of attacks by nation-states, such as the Russian attack on SolarWinds, and seen their attack tactics shift from targeted, stealthy operations into opportunistic hacks for potential future uses, such as the attacks attributed to Hafnium.
Such a brazen approach hasn’t been a common tactic of nation-states in the past, but now seems to be the status quo. In part, this trend may also be due to a destabilization of the international relations climate stemming from COVID-19, as well as work-from-home forcing core business services out onto the internet to facilitate employee access.
Broadly speaking, we should see China as a rising cybersecurity threat on the international stage. That has been the case for some time in terms of their economic, defense and military posture, but 2021 has quite clearly demonstrated that the relationship has deteriorated into a sort of Cold War, with espionage playing out in the cyber-domain. 
The rapid and globally synchronized shift to work-from-home was hugely impactful from a security attack surface standpoint, but we were collectively focused on the same goals. As the dust begins to settle on the pandemic, a new threat emerges: Technological disruption as a result of a transition to hybrid work, where the goals are widely varied and generally less defined. As a result, the home is now viewed as part of the attack surface, and this introduces such a vast number of new variables that it’s safe to say that we don’t really know how that works yet.
This is a disturbing development because it is so easy to determine the home address of a potential target these days, bringing the employee’s house into scope as a newly vulnerable attack surface.
Similarly, how should security measures work to protect Zoom video calls? We are all working on these same problems, but there is no easy solution because the approach to hybrid work differs for every organization. Anytime complexity increases, it also increases the potential attack surface.
We have seen increased interest in consumer internet of things (IoT) and home-router zero-day exploits, with attacks following close behind. In the past, the home as an attack vector was rarely interesting to sophisticated nation-state attackers or cybercriminal gangs, but we should expect to see more activity in this area over the coming year.
Ransomware has been working well for the bad guys for quite some time now, but in 2021, it established itself as a highly effective and lucrative criminal business model. Just like any regular business, things that work tend to accelerate, receive investment, and evolve, and we should expect to see a continuing acceleration in the adoption of ransomware tools by attackers, including the criminal enterprises funded (or shielded) by nation-states.
The ransomware problem is particularly acute for the healthcare sector. Shutting down computer networks at hospitals and clinics can quickly spiral into a case of life-or-death for patients, and the increased awareness of healthcare’s critical nature makes it an attractive target to hold to ransom. I hope this predicament will force providers to innovate by developing a new category of security solutions to disrupt the economics of ransomware.
We saw a promising development in Q2 of 2021, when the insurance firm Lloyd’s of London retracted their insurance policies for ransomware payments in France. Lloyd’s adjusted their policies to not pay ransom costs anymore, likely because their actuaries told them it was irrational to insure against this problem — we’re just not very good at preventing it yet. That step will likely signal big changes coming for the insurance, fintech and security industries in the year ahead and beyond.
Perhaps the most encouraging trend of all may be the disruption of indifference to the security problem that we have seen from leaders of organizations across all types of industries and regions. 2021 has very clearly demonstrated that the cyber boogie-man is real and active, and could attack them next.
Many organizations are still stuck in “ostrich risk management”: Hoping that by burying their heads in the sand and ignoring the problem, it will cease to matter. However, the steady increase in attacker activity throughout 2021 is continuing to erode this as a viable strategy; the cybersecurity problem is growing, and breaches can happen to anyone next.
Consumers are weighing in too, becoming more wary about security hacks and breaches. In turn, that awareness is influencing buyers to demand products that will make security a prime feature and market differentiator.
Casey Ellis is chairman, founder and CTO at Bugcrowd.