Nation-State Attacks

Times of conflict tend to increase concerns that U.S. companies and critical infrastructure could be targeted as a cyber component of a broader nation-state conflict.

What is a nation-state cyberattack?

Nation-state attackers use techniques similar to those used by other cybercriminals; however, nation-state attackers are likely to be better funded and can work without fear of consequences, since they are unlikely to be arrested in their country.

What are they looking to do?

While the exact motivations behind nation-state attacks vary, the purposes can include:

  • steal secret information

  • seek financial gain

  • exact retaliation

  • extort ransoms

  • meddle in elections

  • negotiate leverage

  • prepare for war

Who do they target?

Nation-state attacks typically target critical infrastructure such as energy, manufacturing, and water systems. Industries that are considered vital to the functioning of a nation are targeted:

  • Public Administration

  • Information

  • Manufacturing

  • Health Care

The public administration sector accounts for the greatest frequency of nation-state attacks (34%), according to Advisen data. However, nation-state attacks are quickly becoming more frequent in the private sector. Nation-state attacks are often fueled by international competition. Therefore, organizations are frequently targeted by nation-states that are trying to gain a competitive advantage through the theft of intellectual property.

Increasingly, nation-state attackers are compromising organizations through their supply chains. In 2020, for example, Nobelium, a Russian-sponsored group of hackers, was strongly believed to have committed a nation-state supply chain attack. The group allegedly slipped malicious code into SolarWinds software, which was then spread to customer systems through legitimate software updates. An estimated 18,000 customers may have had malicious code installed in their software as the result of this supply chain attack. SolarWinds spent $18 million in response costs in the first quarter following the cyberattack, although the final cost may be much greater, according to Advisen data.

What type of attacks are used?

Nation-state attacks frequently come in the form of network/website disruption (47%). Network/website disruption cyberattacks are typically aimed at bringing down online services, such as company websites, which can cause major business interruption losses. For example, a cyberattack at DSW Shoe Warehouse in 2020 shut down their digital sales capability for two weeks, contributing to a $652 million decrease in sales from the prior year, according to Advisen data.

  • Network/Website Disruption

  • Data-Malicious Breach

  • Phishing, Spoofing, Social Engineering

  • Industrial Controls & Operations

  • IT-Processing Errors

Through what medium?

Among the ways in which nation-state threat actors typically commence their attacks, server breaches are by far the most common, accounting for 65% of all nation-state attacks.

Although nation-state attackers frequently gain access through company servers and websites, their interference is often designed to spread throughout the company, reaching deeper into vital enterprise functions, as was the case with the SolarWinds attack mentioned earlier.

  • Servers

  • Websites

  • Emails

  • Software

  • Social Media

  • Desktops

Nation-state attackers compromise organizations through their supply chains, causing massive disruptions to business operations and loss of money in the millions.

How do you reduce this risk?

Nation-state attacks are becoming more widespread and are causing more damage than ever before. These attacks may seem daunting, but there are ways to reduce the risk of becoming a victim of such an attack. Here are some loss control suggestions:

  • Conduct vendor due diligence. Complete a comprehensive security screening of a potential vendor before forming a partnership.

  • Isolate networks. Internal networks should be removed from the internet as much as possible. When access is needed, it should be isolated to tightly controlled, one-way paths for moving data into the network.

  • Share threat information with law enforcement. Sharing threat information between organizations, including law enforcement and governmental bodies, increases situational awareness and helps all parties monitor the threat landscape.

  • Train employees on threat identification and reporting. Employee training should be ongoing and include targeted drills, clear communication and tests to assess employees’ ability to identify and report attempted phishing attacks. 

How does insurance play a part in this?

In the event of a breach, theft, damage, or misuse of information, there can be massive operational downtime, recovery costs, legal fees, and even third-party losses. Cyber liability insurance may cover these costs and losses.

A single breach or attack can be devastating to your business, just like a fire.

This Benefits Insights is not intended to be exhaustive nor should any discussion or opinions be construed as professional advice. © 2022 Zywave, Inc. All rights reserved.
