How Geopolitics Impacts Your Company’s Cybersecurity Risk
How can organizations defend against cyberattack tactics adopted by threat actors from global conflicts?
While the world focuses on the events unfolding in Ukraine, the unfortunate reality is that those battlefield tactics spill into the international combat zone of cybersecurity with significant implications. In fact, geopolitical conflict is a hotbed of innovation for all types of nefarious behavior, and that’s especially true for cyberattacks.
Nation states possess some of the most advanced offensive cyber capabilities in the world, and they generally keep them under wraps. In an interstate conflict, however, those capabilities get used, exposed and, once public, picked up by cybercriminals around the world.
This is what happened with NotPetya, released in June 2017 in a first strike against organizations in Ukraine, including banks, ministries, newspapers and electricity firms, and spreading in part through the leaked EternalBlue exploit. After the initial wave, infections were reported in France, Germany, Italy, Poland, Russia, the United Kingdom, the United States and Australia, with damages running into the billions of dollars. Another example is Stuxnet, the worm that sabotaged Iran’s uranium enrichment program and was discovered in 2010; the techniques it revealed were subsequently studied and reused by attackers targeting other industrial and energy-producing facilities.
Distributed denial of service (DDoS) is another attack method commonly tied to geopolitical events, and it is not reserved for nation states. Because DDoS-for-hire services and attack tools are so plentiful, just about anyone can launch a DDoS attack against any online service. DDoS attacks have been used to disrupt worldwide sporting events, elections, schools and much else.
The world is also a place of persistent political instability, with conflicts across the globe and power plays between rival nations. Any of these conflicts, hot or cold, could push a country to unveil new cyber tactics.
Lest any enterprise doubt the seriousness of such attacks: a widely cited figure attributed to the National Cyber Security Alliance holds that 60% of companies are unable to keep their businesses open six months after a cyberattack. Enterprises therefore need to monitor cyber developments in conflict zones around the world closely, because the ripple effects often reach IT and security operations years later and thousands of miles away.
Defending Against the Unknown
The question then is, how do companies defend against a cyberattack that has never been launched, or has been used so sparingly that there are few, if any, known indicators of compromise (IoCs) for security tooling to match on?
It is important to understand that geopolitically driven attacks are not always financially motivated; in other words, they do not always take the form of ransomware. Threat actors have any number of reasons to target enterprises, including:
- Access to critical business information, including financial information and customer records
- Access to employee records, including sensitive personally identifiable information (PII)
- Theft of trade secrets, intellectual property (IP), product designs, patent data, proprietary research, business plans, new business ideas and marketing plans. This happened in May, when a state actor made off with an estimated trillions of dollars’ worth of IP from some 30 multinational companies in the manufacturing, energy and pharmaceutical verticals
- Social or political interference, including disinformation
- Disruption to business in a number of ways, including infecting computer systems with malware and taking down online services with DDoS attacks
- Competitive takedown to win a rival’s business
- Brand and reputation damage
When an attack occurs, every stakeholder, including employees, vendors, suppliers and customers, ends up feeling less secure about leaving sensitive information in the hands of a company whose IT infrastructure was breached.
Regardless of motive, nation-state attacks tend to be sophisticated and wide-ranging: botnet-driven DDoS attacks, supply chain compromises, phishing, destructive (wiper) malware, ransomware and disinformation campaigns.
The Impact on Enterprise
It is also important to understand that tactics adopted by threat actors in a global conflict may be turned against enterprises in quite different ways. For example, a nation state might unveil a precious zero-day exploit to shut down the grid in an interstate conflict. That same exploit can then be used against any organization whose hardware, software or partners carry the same vulnerability, not just against other power companies around the world. Such was the case with EternalBlue, an exploit for a Windows SMBv1 vulnerability that, once leaked, was built into NotPetya and other malware and turned against any unpatched Windows host regardless of sector; the Log4Shell vulnerability in the widely used Log4j library likewise exposed every organization running that library, not only the targets the first attackers cared about.
Enterprises should take multiple steps to protect against nation-state attacks. These include prioritizing the patching of known exploited vulnerabilities (such as those listed in CISA’s Known Exploited Vulnerabilities catalog); providing end-user awareness and training; and deploying modern security tools that continuously look for and mitigate threats.
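The patch-prioritization step above is easy to state and hard to do by hand once a scanner reports hundreds of findings. The script below is an added example, not NETSCOUT code, showing how to rank findings by cross-referencing them against a Known Exploited Vulnerabilities catalog. The `KEV_JSON` snippet is constructed for illustration and mimics the field names of the CISA KEV feed (consult the live catalog for authoritative entries and dates); the asset inventory is likewise made up, and `CVE-2099-0001` is a placeholder for a finding that is not in the catalog.

```python
"""Rank vulnerability findings for patching by cross-referencing them with a
Known Exploited Vulnerabilities (KEV) catalog.

Added example, not NETSCOUT code. KEV_JSON is a CONSTRUCTED snippet that
mimics the field names of the CISA KEV feed; check the live catalog for
authoritative entries and dates. The inventory is made up as well, and
CVE-2099-0001 is a placeholder for a finding absent from the catalog.
"""
import json
from datetime import date

KEV_JSON = """{
  "vulnerabilities": [
    {"cveID": "CVE-2017-0144", "vendorProject": "Microsoft", "product": "SMBv1",
     "vulnerabilityName": "Microsoft SMBv1 Remote Code Execution Vulnerability",
     "dateAdded": "2022-02-10", "dueDate": "2022-08-10",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
     "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
     "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
     "knownRansomwareCampaignUse": "Known"}
  ]
}"""

# Constructed scanner findings: which CVE is open on which asset.
INVENTORY = [
    {"asset": "file-srv-01", "cve": "CVE-2017-0144", "cvss": 8.1, "internet_exposed": False},
    {"asset": "web-app-03", "cve": "CVE-2021-44228", "cvss": 10.0, "internet_exposed": True},
    {"asset": "web-app-03", "cve": "CVE-2099-0001", "cvss": 9.8, "internet_exposed": True},
]


def load_kev(text):
    """Index the catalog by CVE ID so lookups during ranking are O(1)."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def prioritize(inventory, kev, today):
    """Score each finding. Catalog membership dominates; an overdue catalog
    due date, known ransomware use and internet exposure add weight; CVSS
    only breaks ties, so a non-exploited CVSS 9.8 never outranks an
    exploited CVSS 8.1. Returns findings highest priority first, with the
    reasons for the score attached."""
    ranked = []
    for finding in inventory:
        score, reasons = 0.0, []
        entry = kev.get(finding["cve"])
        if entry is not None:
            score += 100
            reasons.append("listed in KEV")
            if today > date.fromisoformat(entry["dueDate"]):
                score += 50
                reasons.append(f"KEV due date {entry['dueDate']} has passed")
            if entry.get("knownRansomwareCampaignUse") == "Known":
                score += 25
                reasons.append("used in ransomware campaigns")
        if finding["internet_exposed"]:
            score += 20
            reasons.append("internet-exposed asset")
        score += finding["cvss"]  # tie-breaker only
        ranked.append({**finding, "score": score, "reasons": reasons})
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


if __name__ == "__main__":
    for r in prioritize(INVENTORY, load_kev(KEV_JSON), date.today()):
        print(f"{r['score']:6.1f} {r['asset']:<12} {r['cve']:<16} {'; '.join(r['reasons'])}")
```

The weights are deliberately coarse: the point is that an exploited-in-the-wild vulnerability on an internal file server outranks an unexploited critical on an internet-facing web server, which is the opposite of what a CVSS-only sort produces.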
It is likewise important to work with cybersecurity partners who provide access to the latest and most robust threat intelligence. NETSCOUT’s Arbor DDoS protection solutions are powered in part by this type of intelligence. Our Active Threat Level Analysis System (ATLAS) collects, analyzes, prioritizes and disseminates data on emerging threats based on our visibility across one-third of the internet. ATLAS draws on a diverse array of sources, from enterprises and service providers to dark web and botnet traffic, to form a complete picture of the threat landscape.
It is also important to detect anomalous behavior on your network as it happens, since that may be the first sign that you are under attack through a previously unknown vulnerability. NETSCOUT’s Omnis Cyber Intelligence network detection and response (NDR) solution and Arbor DDoS protection solutions have this capability.
In other words, the best way to protect your company from such attackers is to stay well informed, keep your networks resilient and observable, and prepare for future attacks. NETSCOUT experts can help you assess potential weaknesses in your network and better understand the ways in which your company is likely to be targeted by nation-state actors.
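Behavioral detection is what fills the gap when there is no IoC to match on, as the earlier section asked. The following is an added example, not NETSCOUT code and not a description of how Omnis Cyber Intelligence works internally, of the simplest useful form of it: learn per-host baselines from normal flow summaries, then flag a host whose outbound volume jumps far above its baseline, a host talking to a destination it has never talked to, or a host that has no baseline at all. The flow records are constructed, in a simplified `minute,src,dst,dport,bytes` format assumed for this example.

```python
"""Baseline-and-deviation detection over network flow summaries.

Added example of detecting anomalous behaviour without a known IoC; this
is not NETSCOUT code. The flow lines are CONSTRUCTED, in a simplified
"minute,src,dst,dport,bytes" format assumed for this example.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Ten constructed minutes of normal traffic per host, used to learn baselines:
# 10.0.0.5 serves ~50 KB/min to 10.0.1.10:443, 10.0.0.6 does ~1.2 KB/min of DNS.
BASELINE_LINES = [
    f"{m},10.0.0.5,10.0.1.10,443,{b}" for m, b in enumerate(
        [51000, 49500, 50200, 50800, 49900, 50500, 49700, 50100, 50400, 49900])
] + [
    f"{m},10.0.0.6,10.0.1.20,53,{b}" for m, b in enumerate(
        [1200, 1300, 1100, 1250, 1150, 1200, 1300, 1100, 1250, 1150])
]

# One constructed current minute: 10.0.0.5 bursts 9 MB to a never-seen peer on
# port 4444, 10.0.0.6 behaves normally, and 10.0.0.99 has no baseline at all.
WINDOW_LINES = [
    "10,10.0.0.5,203.0.113.9,4444,9000000",
    "10,10.0.0.6,10.0.1.20,53,1210",
    "10,10.0.0.99,10.0.1.10,443,3000",
]


def parse(lines):
    """Turn CSV-style flow lines into records, skipping blanks and comments."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        minute, src, dst, dport, nbytes = line.split(",")
        records.append({"minute": int(minute), "src": src, "dst": dst,
                        "dport": int(dport), "bytes": int(nbytes)})
    return records


def build_profile(records):
    """Per source host: bytes sent in each baseline minute, and the peers seen."""
    per_minute = defaultdict(lambda: defaultdict(int))
    peers = defaultdict(set)
    for r in records:
        per_minute[r["src"]][r["minute"]] += r["bytes"]
        peers[r["src"]].add((r["dst"], r["dport"]))
    return {src: {"minutes": list(per_minute[src].values()), "peers": peers[src]}
            for src in per_minute}


def detect(profile, window, k=3.0, floor=0.2):
    """Flag hosts whose bytes in the window exceed mean + k*stddev of their
    baseline (with a relative floor so a flat baseline does not alert on
    trivial jitter), hosts talking to peers absent from their baseline, and
    hosts with no baseline. Returns a list of (src, kind, detail) tuples."""
    alerts = []
    bytes_in_window, peers_in_window = defaultdict(int), defaultdict(set)
    for r in window:
        bytes_in_window[r["src"]] += r["bytes"]
        peers_in_window[r["src"]].add((r["dst"], r["dport"]))
    for src in sorted(bytes_in_window):
        if src not in profile:
            alerts.append((src, "unknown_source", f"{bytes_in_window[src]} bytes, no baseline"))
            continue
        base = profile[src]["minutes"]
        mu, sigma = mean(base), pstdev(base)
        threshold = mu + max(k * sigma, floor * mu)
        if bytes_in_window[src] > threshold:
            alerts.append((src, "volume_spike",
                           f"{bytes_in_window[src]} bytes vs threshold {threshold:.0f}"))
        for dst, dport in sorted(peers_in_window[src] - profile[src]["peers"]):
            alerts.append((src, "new_peer", f"{dst}:{dport} not seen in baseline"))
    return alerts


def run():
    """Learn from the baseline lines and evaluate the current window."""
    return detect(build_profile(parse(BASELINE_LINES)), parse(WINDOW_LINES))


if __name__ == "__main__":
    for src, kind, detail in run():
        print(f"{src:<10} {kind:<15} {detail}")
```

None of the three alerts depends on knowing what the attacker's tooling looks like; a 9 MB burst to a new peer on 4444 is suspicious on its own. The usual caveats apply: the baseline window must be long enough to cover legitimate periodic behaviour (backups, month-end batch jobs), and a learned baseline can itself be poisoned if the attacker was already present while it was built.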
For more information on how geopolitics is driving increased cyberattack activity, read NETSCOUT’s latest Threat Intelligence Report.