While the largest corporations enjoy revenue comparable to entire countries, most of us work in much smaller organizations. We like to think that nation-states will pick on someone their own size and leave us alone.
Unfortunately, attackers actually prefer to pick on anyone with weak cybersecurity. To them, size doesn’t matter. Worse, nation-state involvement causes legal entanglements, regulatory issues, or unrecoverable financial losses.
As a result, it’s important to catch nation-state cyberattacks early and handle them carefully.
Let’s take a look at how they’re already affecting businesses like yours, and why protecting yourself is so critical.
Government Sponsored Ransomware
As if ransomware attacks weren’t frustrating enough, paying nation-state ransoms creates tricky legal situations.
In 2020, the US Office of Foreign Assets Control (OFAC) issued a warning. In it, they declared certain ransomware payments to sanctioned governments and criminal organizations are subject to criminal prosecution and fines.
This OFAC ‘naughty’ list contains North Korea and the H0lyGh0st ransomware gang that started operations in June 2021. This group primarily targets small-to-midsized businesses with ~$100,000 ransom demands.
Of course, some ransomware attacks serve a totally different purpose – misdirection.
For example, two Chinese-affiliated hacking groups deploy ransomware to distract defenders and cover tracks related to their espionage activity.
It’s amazing the lengths some attackers go to in order to conceal their motives. But, how common are they, really?
Nation-state Cyberattack Examples
Chinese-affiliated hacking groups have conducted the longest running and most varied advanced persistent threat (APT) attacks. This year alone witnessed a large variety of attacks, such as:
- January 2022
- Hacking group APT41 deploys UEFI firmware implants into motherboard SPI flash memory which cannot be deleted or removed by normal means
- The German government warns of APT27 attempting to backdoor business networks
- APT27 is linked to a Red Cross breach of 515,000 Restoring Family Links participants through a Zoho security flaw.
- February 2022
- March 2022
- APT41 compromises at least six US state governments
- Unknown Chinese hackers deploy the Daxin rootkit backdoor and uses node-hopping to reach fully internet-isolated computers.
- APT19 targets VMware Horizon servers with a Log4Shell exploit rootkit.
- April 2022
- TA410, linked to APT10, is recognized as three separate groups with different tool sets, IP addresses, and targets.
- May 2022
- PricewaterhouseCoopers discovers an APT backdoor malware running with root on Linux and Solaris systems deployed by the Red Menshen APT group and estimated to be active for as long as five years.
- Cybereason uncovers a three-year-old espionage campaign by APT 41 against technology and manufacturing firms in East Asia, Western Europe, and North America that harvested hundreds of gigabytes of sensitive information.
- June 2022
- The NSA, CISA, and FBI warn of Chinese hacking groups exploiting unpatched SOHO routers, network service providers, and major telecommunication companies.
- SentinelLabs uncovered a decade-long APT espionage campaign in government, education, and telecommunication targets in south-east Asia.
- An APT group uses the ProxyLogon vulnerability to hijack building automation systems in Afghanistan, Pakistan, and Malaysia to gain access to the rest of the network.
- July 2022
- The Belgian Ministry of Defense acknowledges attacks by ATP27, APT30, APT31 and a fourth Chinese-related hacking group.
Although China grabs the most headlines, other countries conduct espionage as well. For example, Iranian hacker groups such as APT35 use PowerShell backdoors, while Lycaeum uses .NET-based DNS backdoors to infiltrate targets.
Cyber Warfare, Cyber Insurance, and Cyber Vigilance
While nation-state cyberattacks often seek secret information or money, that’s not always the case.
For instance, the Ukrainian conflict finds Russia attacking 128 targets in 42 non-Ukrainian countries. Although some of these attacks did attempt espionage, others used distributed denial of service (DDoS) attacks for pure disruption.
The sheer number of attacks already drive up cyber insurance costs for everyone. Making matters even worse, in many cases, insurance companies even used act-of-war exclusions to deny claims even before the war.
Insurance companies will surely deny claims associated with nation-state cyberattacks in future policies, leaving many companies stranded in such an event.
You simply cannot afford to become a victim. Between less insurance coverage, potentially illegal ransom payments, fines for data breaches, and increasing recovery costs, the concrete financial risks continue to rise.
To this sizeable risk, you must also add intangible costs such as reputation damage, lost business revenue, and intellectual property theft. Though not all nation-state cyberattacks can be stopped, a strong defensive posture can drastically reduce risk and damages.
Blue Bastion Cyber Security, along with the networking specialists of Ideal Integrations, can help. Simply contact us at 412-349-6680, or fill out the form below, and our security experts can outline how cybersecurity monitoring, endpoint protection, micro segmentation, and other techniques can shorten the time for detection.
We’ll also explain how our teams can respond to incidents, stop attacks in progress, and remediate systems for a full recovery no matter who’s behind the attack.
