Russia and China ‘most likely’ behind state-sponsored cyber threats: Trellix
State-sponsored cyber attacks have been increasing, and Russia and China are among the most likely suspects behind successful cyberattacks that resulted in data loss, service disruption, and industrial espionage, according to a new report published by Trellix, a cybersecurity company, and the Center for Strategic and International Studies (CSIS).
For the uninitiated, state-sponsored attacks (SSA) are carried out by hackers linked to a nation (state). The primary goal of these hackers is to identify and exploit vulnerabilities in national infrastructure, gather intelligence, and exploit systems. This year, we have seen Russian ransomware attacking Ukrainian government agencies in particular, to wipe out their systems completely.
“As geopolitical tensions rise, the likelihood of nation-state cyberattacks rises as well,” said Bryan Palma, CEO of Trellix. “Cybersecurity talent shortages, outdated IT infrastructure, and remote work are the greatest challenges in today’s operating environment. Organisations must improve their automation, remediation, and resiliency capabilities to defend against increasingly sophisticated attacks.”
The report surveyed 800 IT decision makers in India, Australia, France, Germany, Japan, the United Kingdom and the United States to find out how nation-state actors differ from other cyber criminals.
Organisations at risk
At least 92 per cent of respondents surveyed said they have faced or suspect they might have faced a nation-state-backed cyber attack in the last 18 months, or expect to face one in the future. According to the report, an average nation-state-backed cyber attack costs an estimated $1.6 million per incident. Yet the report finds that 10 per cent of organisations surveyed do not have a cybersecurity strategy in place.
Only 33 per cent of organisations reported reaching out to their customers to disclose a cyber security incident involving a breach of their personal data. Respondents view personally identifiable information (PII) related to either their customers or employees as one of the main reasons they would be targeted.
Seeking guidance from the Government
The report highlights that organisations are seeking guidance from the government, with 90 per cent of respondents believing that the government should do more to support and protect critical infrastructure from cyber attacks.
“Nation-states and their criminal proxies are some of the most dangerous cyber attackers because they are capable, best resourced and extremely persistent,” said James Lewis, senior vice president and director, Strategic Technologies Program for CSIS. “It’s not surprising that nation states, particularly China and Russia, are behind many of the cyber-attacks organisations experience; what is surprising is that 86 percent of respondents in this survey believe they have been targeted by a group acting on behalf of a nation-state, and only 27 percent are completely confident in their organisation’s ability to recognise such an attack in contrast to other cyberattacks.”
Meanwhile, Trellix Threat Labs also discovered new activity from the hacker group RedFoxtrot, which has been leveraging a new variant of the PlugX malware that Trellix has named “Talisman.” The Talisman variant of the malware has been used to target defense and telecommunications victims across South Asia, likely to advance China’s Belt and Road initiative, which aims to expand trade and economic relationships across Europe, Asia and Africa.