Enterprises in every industry and of all sizes are finding themselves under an increasing barrage of cyberattacks. At the same time, the threat landscape is evolving, becoming more sophisticated and doing so at a faster pace than many organisations are able to keep up with.
Needless to say, the days are gone where a firewall alone was sufficient protection against a cybercriminal or group. The proliferation of connected devices, alongside flexible working practices and complex partner ecosystems have made the boundaries of an organisation ebb and flow. Threat actors with malicious intent are taking advantage of at an eye-wateringly large cost to businesses.
There are a number of threats which are evolving more quickly than others, but what are the ones that businesses need to be especially aware of today?
The flexibility offered by the modern business landscape has led to an increased use of third-party suppliers. In fact, a survey from Thomson Reuters entitled ‘Third Party Risk: Exposing the Gaps’ revealed that 70 per cent of organisations have become more flexible and competitive because of third-party relationships.
While these relationships may be beneficial for those involved, the security threat they pose often goes unnoticed or unaddressed.
Joining forces with third-parties and adding organisations to a supply chain in the modern world is more dangerous than ever. With threat actors now able to access information owned by larger organisations through the smaller (and potentially less secure) businesses within the chain, it’s no longer enough for enterprises to understand just their own security set up.
This kind of attack has been illustrated in recent years by a number of incidents. For example, in 2013, cybercriminals managed to steal $250,000 from Bangladesh’s Sonali bank, along with more than $12million from Ecuador’s Banco del Austro in 2015, by using the banks’ access to the SWIFT network to send fraudulent messages and transfer money.
To protect against this type of attack, every single organisation within a company’s supply chain needs to be equally aware of and protected against them. Ensuring there is no weak link within a chain by working closely with third-parties and implementing an overarching cybersecurity strategy could be the difference between being hit with an attack, crippling fine, or not.
Nation state attacks
Nation state attacks have made up the majority of the cybersecurity news over the past twelve or so months. Potential motives behind the WannaCry malware and the Petya attack both made global headlines and caused businesses across the world to sit up and take notice of these attack vectors due to their potential link to nation states.
They also raised some interesting points around the psychology and the tasking of nation state hackers. While it has since been confirmed by the UK and US governments that it’s “highly likely” WannaCry was caused by Lazarus Group, at the time of its release it wasn’t so obvious. While the malware contained the same wiper capability as Lazarus had previously implemented in other attacks attributed to nation state actors, its presence cannot be taken as attribution in the classic sense. The similarities in attack vectors certainly suggest that the same operators were involved in both attacks, but the intended effects seem completely different. It remains unclear whether this represents a multi-faceted nation state portfolio of attacks, covering multiple intended effects, or whether it was simply a reuse of previous capabilities by a hacker group that had formerly operated on behalf of a nation state attack.
This makes attribution difficult and almost impossible to identify a pattern in behaviour of those behind nation state attacks without deep insight in to how operator groups (whether internally employed or externally contracted) are tasked by their benefactors.
An evolution in the threat landscape is also being identified elsewhere, with a key example being the increasing risk of cyber vandalism.
While this form of attack has become popular in recent years, it’s often difficult for businesses to understand the reward which comes from them and the motives behind them. Could it be a student showing off their cyber talents, researchers inventing new methods of infecting a system, or perhaps developers testing their latest malware creations?
There is good news for organisations however, as there is now much more data available which can allow them to identify changes in attackers’ approaches and protect themselves before they become a target.
While it might seem like a luxury, taking the time to stop and think about the actor behind these attacks is vital. Enterprises need to start looking at cyberattacks from the adversary’s perspective to understand which attacks are more attractive and lucrative for the actors and to know how best to protect against them.
For the businesses that don’t understand the threat landscape is evolving, problems will persist and they will fall further behind attackers. Organisations need to act now to ensure their cybersecurity strategies, and those of the enterprises within their supply chain, are up to date and able to respond to new forms of attacks quickly. Only then can they be safe against the ever-evolving threat landscape.
Chris O’Brien is Director, Intelligence Operations at EclecticIQ