Cybersecurity effectiveness in the era of nation-state attacks

April 18, 2023
U.S. businesses can help defend against unprecedented cyber-threats now targeting the private sector

Russia’s invasion of Ukraine saw leaders come to the stark realization that they must be prepared to defend themselves from attacks from criminal, insider and nation-state threat actors. Russia’s act of war has set a new stage for the use of cyber weaponry, highlighting the vulnerability of critical infrastructure around the world to cyberattacks and data breaches. Goldman Sachs predicted earlier this year that a Russian attack on US infrastructure could cost up to $1 trillion. The President of the United States stated it would be “part of Russia’s playbook” to initiate cyber warfare, so it comes as no surprise that nation-state cyberattacks became more brazen as tactical warfare entered the cyber domain in 2022. President Biden also issued Executive Order 14028, “Improving the Nation’s Cybersecurity” to support our nation’s cybersecurity and protect the critical infrastructure and Federal Government networks underlying that also require higher levels of cyber readiness for key industries and federal suppliers.

Nation-State Threats

We have known for decades that state-sponsored Russian hackers have been responsible for routine attacks on adversaries, but this year has seen the global cyber threat heighten significantly. The economic sanctions imposed by the United States and its allies have in part provoked an effective declaration of cyber warfare from Russia, with the ultimate aim of disrupting and degrading the Ukrainian government and its militaristic endeavors. The increase in recent high-profile attacks demonstrates Russia’s ability to successfully launch destructive cyberattacks, causing chaos both kinetically and socio-politically. These nation-state threat actors are also targeting private industries that provide critical infrastructure, military supplies, and equipment.

Analysts at cybersecurity firm Mandiant have said the deployment of wiper attacks has compounded the aggressiveness of Russian cyber activity in 2022. This has contributed to a constant re-targeting of infrastructure inside and outside of Ukraine, from state-backed entities such as TEMP.Armageddon, which thrives on end-to-end intrusions and lateral movement from continual network access. As Russian missiles cut off 10 million Ukrainians from power and left up to 80% of Kyiv’s population without running water, hackers also infiltrated Ukrainian software systems to facilitate conflict on the ground, stealing military and foreign policy intelligence and gaining access to data on other critical infrastructure systems.

Through disabling and disrupting vital infrastructure, Russia’s hybrid warfare techniques thrive on degrading Ukraine’s defensive capabilities. Microsoft’s cautionary statement clearly warns countries and governments against the expected continuation of Russian cyber offensive operations, declaring “the world should be prepared” for several lines of Russian attack in the digital domain. Governments and enterprises around the world are under more pressure than ever to deliver battle-ready cybersecurity to defend against the malicious cyber-activity of adversaries.

Businesses at Risk

Russia, China, Iran and North Korea continue to escalate their cyber tactics against businesses and organizations worldwide. New technologies such as artificial intelligence and machine learning have incentivized the growth of the attack surface like never before. Consequently, any organization which conducts its business online in any capacity is at risk of a cyberattack.

The same tactics, techniques, and procedures implemented in high-profile attacks on critical infrastructure organizations will be instrumental in targeting businesses in 2023. Ransomware attacks have produced an influx of high-profile data breaches over the past year. These incidents typically involve the encryption of the victims’ data and payment demands in the form of cryptocurrencies. Criminal cyber groups seek out sensitive corporate data with the threat of its publication or auction on Dark Web forums.

So long as hackers continue to profit from weak cybersecurity, they will relentlessly cripple networks and security systems within targeted organizations. Disguised as an unassuming email that employees then open, email spear-phishing attacks are also popularly used to plant destructive malware into systems. This malware can infiltrate systems and remain dormant without detection until triggered. Businesses are therefore not only guarding against cyber theft but also against attacks that they may not even be aware have already been deployed within their systems.

Organizations must be prepared to defend their confidential and immovable data over the next year to avoid the reputational and monetary damage which follows data leaks and cyber hijacking. Just like their nation-state counterparts, businesses must be battle-ready for heightened cyber warfare.

The Keys to Strategic Defence

Despite the increasing rate of cyberattacks, new defensive technologies give organizations the confidence to defend and fight back against cybercrime. Cyber Ranges allow organizations to create a high-fidelity digital replica of their production network. Cyberattacks can then be launched against this simulation, and the network’s ability to detect, identify, and respond to the attack can be assessed.

Businesses can test their cybersecurity tools within a guaranteed safe environment, understanding how effective their current applications are and where their capabilities end. This allows organizations to validate their people, processes, and technology through repeated scenario training and testing, quantifiably measuring cyber preparedness within the conditions of their own environment. The data gathered from an attack reproduction within a Cyber Range also ensures more effective cybersecurity spending and has the potential to reduce costs for CFOs.

By investing in defense technologies, such as Cyber Ranges, companies can assess their tools’ preparedness to defend against an attack on their systems and make the necessary changes to further enhance their cybersecurity capabilities.

A Call to Arms: Cyber Safeguarding within Your Business

In their analysis of foreign threats, Mandiant went on to warn that Russia could seek to use criminal actors against NATO nations as a means of reprisal, conducting potentially disruptive operations against financial entities and relying on wiper attacks and ransomware as means of disruption. For businesses, this means executing an in-depth approach to understanding their networks, assessing what legitimate executables should be running on all devices and ensuring alerts are triggered when unusual file behavior occurs. Educating all employees and making staff hyper-aware of possible threats through ongoing training and unannounced drill exercises also ensures the identification and reporting of damaging and corrupting phishing attacks.

Knowing where critical systems and data reside within organizations also helps develop business continuity and disaster recovery plans. Data represents a substantial percentage of business value, so its protection needs to be a top priority. After the loss of highly confidential corporate data, the reporting, lawsuits, negative publicity, fines, loss of market share, drops in stock prices, and reputational injury mean that the lasting damage is extremely costly. Businesses must expect the unexpected and be confident that they can return to full operations as quickly as possible, thus reducing the impact of the incident.

The Future of Cybersecurity

As the number and sophistication of data breaches and cyberattacks continue to rapidly develop, the 2022 World Economic Forum’s (WEF) Global Risks Report listed cyberattacks on global critical infrastructure as a top concern. Yet the intelligence gained around how Russia implements cyber tactics to execute nation-state attacks can be harnessed to help organizations assess their cyber readiness and better prepare for future attacks. It has become clear nation-state attacks are no longer limited to governmental operations, but instead have become more frequent and far-reaching.

The Foreign Policy Research Institute has warned that the world needs to find ways to respond to Russian cyberattacks not only during a shooting war but also to the persistent attacks that form their ongoing hybrid war against the West. Cybersecurity, therefore, needs to be treated as an integral tool in the fight for democracy.

About the author: William “Hutch” Hutchinson is CEO and co-Founder of SimSpace, starting the cyber-readiness platform in 2015 to deliver military-grade cybersecurity protection against advanced cyber threats for governments and organizations worldwide.

A former F-15 Fighter Pilot, Hutch went on to lead cyber exercises at the U.S. Cyber Command and created numerous Department of Defense (DoD) cybersecurity training, testing and assessment programs. Hutch helped create a “Special Forces” approach to testing cyber defense teams and continues to serve as the Test Director for cyber operational assessments at the DoD.

At SimSpace, Hutch spearheaded multiple SimSpace deployments in financial and other commercial sectors. Hutch holds a bachelor’s degree from Duke University, a master’s degree in aerospace engineering from the University of Texas at Austin, and a master’s degree from the MIT Sloan School of Management.

Courtesy of Getty Images -- Credit: Olga Zhukovskaya
Ukraine has become a battleground for both cyber and kinetic attacks.
Courtesy of Getty Images -- Credit: shapecharge
Like the myriad hacktivist attacks linked to the Russian-Ukrainian conflict since January 2022, these politically motivated groups undertake campaigns leveraging public communication channels to influence public opinion.