A survey from cybersecurity firm Venafi finds that the Russia-Ukraine conflict is having a substantial impact on how businesses view their defenses and protect themselves from internet-based threats. 64% of respondents believe that their organizations have either been targeted or impacted by nation-state attacks, and just about as many say that the Ukraine invasion and subsequent activity have directly caused them to change their cybersecurity strategy.
In addition, 77% now believe that there is going to be a perpetual state of cyber war going forward, but the majority are still not confident that they would be able to detect and identify advanced nation-state espionage if they were targeted.
Businesses increasingly aware of being in the crosshairs of nation-state attacks
The Venafi survey was conducted in July and included 1,100 security decision makers (SDMs) from companies located in the United States, Australia and an assortment of European countries.
Well over half of the respondents not only believe that they have already been targeted by nation-state attacks, but have made changes to their cybersecurity practices due to the Russia-Ukraine conflict. Though it comes after the period in which the survey was taken, there has been a recent escalation in attacks on the key NATO members that are providing aid to Ukraine, particularly in the US as airport websites throughout the country were recently taken down by a distributed denial of service (DDoS) campaign.
As that example illustrates, organizations now have to worry not just about nation-state hacking teams but also self-declared “hacktivists” that may decide to privately take action on behalf of their nation. 68% of the respondents say that they have had conversations with their board and senior management about some aspect of the Russia-Ukraine conflict and how it might lead to attacks on the company.
The survey also finds that organizations do not see this as something that will end when the Russia-Ukraine conflict is eventually resolved. 82% say that they believe geopolitics and cybersecurity are intrinsically linked, and 77% believe they have to prepare for a “perpetual” state of cyber war. Though they see nation-state attacks as an omnipresent threat, 63% say they doubt they would be able to identify or stop these attacks if they were targeted.
One interesting side note is that in spite of these results, 64% of the respondents still say that they view physical war as a greater concern for their specific country than nation-state attacks via cyber war, even though the survey was limited to Western nations that are not currently engaged in major conflicts.
Taylor Ellis, Customer Threat Analyst with Horizon3.ai, feels that quite a few organizations are still not accurately assessing their risk level in this area: “With all of this diplomacy gone wrong, it is no wonder that wars are being fought… but they are predominantly fought in the cyber world. Many are correct to believe that cybersecurity and geopolitics are directly linked.”
“Despite a nation-state’s obvious agenda for zeroing in on military and government targets, such adversaries have become bolder and less dismissive of attacking private businesses, regardless of that company’s allegiance to serving consumers internationally. Therefore, every private institution needs to align their policies to thinking ‘security first.’ While most businesses have IT departments, many still lack a well-trained and sophisticated cybersecurity team within their organization. Such changes for a more secure network and security structure need to be made, as well as recruiting for the people who can do the job effectively (not just a one-person team),” noted Ellis.
Russia-Ukraine conflict may have permanently reshaped cybersecurity landscape
As Venafi notes, Russia has had a recent focus on attacking targets in Ukraine with “wiper” malware, focusing on damaging government agencies and also possibly critical infrastructure in preparation for a likely renewed military push in the winter months. While attacks on NATO allies thus far are thought to be the work of Russian criminal groups and “hacktivists,” there are numerous prior examples of Russian malware meant for Ukraine escaping from the war zone and infecting other companies across the world. One such example happened in the early weeks of the Russia-Ukraine conflict, as a German energy company ended up being hit with malware that was tailored for targets in Ukraine.
While the Russia-Ukraine conflict is the primary current focus, Venafi notes that Chinese APT groups have also stepped up their espionage campaigns and have a history of targeting foreign companies to steal proprietary information. And North Korea’s state-sponsored hackers turn their advanced skills to stealing money from any opportune sources, as evidenced by their rampage through the world of decentralized finance this year.
Companies are right to be doubtful of their ability to detect and fend off nation-state attacks, as the governments that are most active in espionage are also the world’s primary consumers of “zero day” vulnerabilities that are sold on the black market.
As Rajiv Pimplaskar, CEO at Dispersive, notes, they are also in possession of resources that no private actor in the world has: “Nation state actors have the added advantage of sophisticated toolkits combined with well-coordinated human and compute resources that can make them particularly deadly. The de-perimeterization of the corporate network over the past decade coupled with the work from home during the COVID-19 pandemic, have created a perfect storm of loss of infrastructure control on part of IT and broadened the attack surface to include the Internet. Typical VPNs or ZTNA solutions stop at the network level and are unable to withstand a targeted assault from nation state actors who can penetrate the protocol stack with advanced attacks. Corporations and Governments alike should look at advanced cyber defense techniques like stealth networking to obfuscate source destination relationships and flows of interest thereby ensuring protection of sensitive data and resources.”
It is also important for organizations to not dismiss the potential threat of nation-state attacks simply due to not possessing information that they believe these countries would be interested in. If a company has any sort of access to any government agency, they may be viewed as the entry point for a supply chain attack that is meant to eventually open up a door to a more valuable target.
Chloé Messdaghi, Chief Impact Officer at Cybrary, expands on how this approach tends to work, and the lengths to which hackers are willing to jump from system to system to get to their eventual point of interest: “Security teams need to remember that they have governmental customers or users that have governmental customers, and so they and their customers will be persons of interest to the malicious actors. Malicious actors work by looking for the intermediate openings to get to the Target. They will move from E to D to C to B to get to A, their actual Target – threading the needle and traversing weaker points of entry. For example, they go through the schools to a local government, and then to the State and then to the Federal Government target, because we’re all connected nowadays. Global conflicts begin locally. Think of it this way: ‘To hack Globally, start Locally.’ Threat actors look for the easiest and smallest point of vulnerability. North Korea went after influencers in the hacker space to get into their potential government contacts, and then moved laterally to the larger targets.”