As tensions rise over Russia’s possible invasion of Ukraine, there is increasing concern U.S. companies and critical infrastructure could be targeted as a cyber component of the broader nation-state conflict. In fact, the U.S. government has issued warnings about the potential for an attack similar to NotPetya, a cyberattack in 2017 that targeted Ukraine but claimed victims worldwide, resulting in billions of dollars in losses.
These warnings by the U.S. government are part of a long list of nation-state cyberattack concerns. Read on to learn what a nation-state cyberattack entails, what industries are most commonly victimized and how to guard against state-sponsored attacks.
Overview of Nation-state Cyberattacks
The techniques used by nation-state attackers are similar to those used by other cybercriminals. However, because these threat actors are working for a nation-state, they are likely to be better funded and can work without fear of retribution as they are unlikely to be arrested in their own countries. While the exact motivations behind nation-state attacks vary, the purposes can include:
- stealing secret information
- seeking financial grain
- exacting retaliation
- extorting ransoms
- meddling in elections
- negotiating leverage
- preparing for war
Nation-state attacks typically target critical infrastructure, such as energy, manufacturing and water systems. They also often target manufacturing and other industries that are considered vital to the functioning of a nation. Industries seen as containing important trade secrets and information may also be targeted.
The public administration sector accounts for the greatest frequency of nation-state attacks (34%), according to Advisen data. However, nation-state attacks are quickly becoming more frequent in the private sector. Recent research found that 35% of all nation-state attacks target enterprises. Nation-state attacks are often fueled by international competition. Therefore, organizations are frequently targeted by nation-states that are trying to gain a competitive advantage through the theft of intellectual property.
Increasingly, nation-state attackers are compromising organizations through their supply chains. In 2020, for example, Nobelium, a Russian-sponsored group of hackers was strongly believed to have committed a nation-state supply chain attack. The group allegedly slipped malicious code into SolarWinds software, which was then spread to customer systems through legitimate software updates. An estimated 18,000 customers may have had malicious code installed in their software as the result of this supply chain attack. SolarWinds spent $18 million in response costs in the first quarter following the cyberattack, although the final cost may be much greater, according to Advisen data.
Nation-state attacks frequently come in the form of network/website disruption (47%). Network/website disruption cyberattacks are typically aimed at bringing down online services, such as company websites, which can cause major business interruption losses. For example, a cyberattack at DSW Shoe Warehouse in 2020 shut down their digital sales capability for two weeks, contributing to a $652 million decrease in sales from the prior year, according to Advisen data.
Malicious data breaches account for the second-greatest frequency of nation-state attacks (40%). Phishing, spoofing and social-engineering attacks are less common at 7%, according to Advisen data.
Looking at the way in which nation-state threat actors typically commence their attacks, server breaches are by far the most common—accounting for 65% of all nation-state attacks. Attacks originating from websites emails and software were less common, accounting for 18%, 7% and 7% of attacks, respectively.
Although nation-state attackers frequently gain access through company servers and websites, their interference is often designed to spread throughout the company, infecting deeper into vital enterprise functions, as was the case with the SolarWinds mentioned earlier.
Employer Loss-control Trips
Nation-state attacks are becoming wider-spread and are causing more damage than ever before. These attacks may seem daunting, but there are ways to reduce the risk of becoming a victim of such an attack.
Here are some loss-control suggestions:
• Conduct vendor due diligence. Complete a comprehensive security screening of a potential vendor before forming a partnership.
• Isolate networks. Internal networks should be removed from the internet as much as possible. When access is needed, it should be isolated to tightly controlled, one-way paths for moving data into the network.
• Share information. Sharing threat information between organizations, including law enforcement and governmental bodies, increases situational awareness and helps all parties monitor the threat landscape.
• Train employees. Employee training should be ongoing and include targeted drills, clear communication and tests to assess employees’ ability to identify and report attempted phishing attacks.
As nation-state cyberattacks increase, it’s critical for employers to take every step possible to protect their organizations. Reach out to Odell Studner to discuss cyber loss-control strategies in greater detail.
Need further guidance assessing your business risk?
Risk management expert Odell Studner can help! Contact us today to get started on a risk assessment and mitigation plan.