
The (nation) state of cyber attacks

By Staff Writer, ITWeb
Johannesburg, 26 Aug 2022

Nearly two-thirds (64%) of organisations suspect they have been either directly targeted or impacted by a nation-state cyber attack. In addition, 66% say they have changed their cyber security strategy as a direct response to the conflict between Russia and Ukraine.

This was revealed by new research from Venafi, a machine identity management provider, which delved into the security impact of the increasing number of nation-state attacks and recent geopolitical shifts.

Other important findings include that 77% believe we’re in a perpetual state of cyber war, 82% believe geopolitics and cyber security are intrinsically linked, and another 68% have had more conversations with their board and senior management in response to the conflict between Russia and Ukraine.

Moreover, 63% say they doubt they would ever know if their organisation was hacked by a nation-state, and 64% believe the threat of physical war is a greater concern in their country than cyber war.

Using machine identities

The research, which polled over 1 100 security decision makers globally, also looked at the methods used by nation-state threat actors and found that the use of machine identities is growing in state-sponsored cyber attacks.

Kevin Bocek, vice president, security strategy and threat intelligence at Venafi, says cyber war is here. “It doesn’t look the way some people may have imagined it would, but security professionals understand that any business can be damaged by nation-states. The reality is that geopolitics and kinetic warfare now must inform cybersecurity strategy.”

He said it’s been known for years that state-backed APT groups are using cyber crime to advance the political and economic interests and goals of their countries.

Unfortunately, he says everyone is a target, and unlike kinetic warfare attacks, it’s up to each company to defend itself against nation-state cyber attacks.

Kinetic attacks are a type of cyber attack that can cause direct or indirect physical damage, injury, or death through the exploitation of vulnerable systems and processes.

Advancing intelligence, weapons

The research also discovered that Chinese APT groups are conducting cyber espionage to advance the country’s international intelligence, while North Korean groups are channeling the proceeds of cyber crime directly to their country’s weapons programs.

The SolarWinds attack, which compromised thousands of companies by exploiting machine identities to create backdoors and gain trusted access to key assets, is a prime example of the scale and scope of nation-state attacks that leverage compromised machine identities.

More recently, Russia’s HermeticWiper attack, which breached numerous Ukrainian entities just days before its invasion of the country, and used code signing certificates to authenticate malware, is another example of machine identity abuse by nation-state actors.

Machine identities

The digital certificates and cryptographic keys that serve as machine identities are the foundation of security for all digital transactions, he explains. “Machine identities are used by everything from physical devices to software to communicate securely. The only way to reduce risks of machine identity abuse commonly used by nation-state attackers is through a control plane that provides observability, governance, and reliability.”

Attacks by nation states are highly sophisticated, and often use techniques that haven’t been seen before, says Bocek.

“This makes them extremely difficult to defend against if protections aren’t in place before they happen. Because machine identities are regularly used as part of the kill chain in nation-state attacks, every organisation needs to up its game. Exploiting machine identities is becoming the modus operandi for nation-state attackers.”

The research was conducted by Sapio in July this year among security decision makers across the US, UK, France, Germany, Benelux, and Australia.
