72% of IT executives fear trickle-down of nation-state attack techniques will hurt business
Nation-state techniques, such as those used in the SolarWinds attack, are already being adopted by ransomware gangs.
HP Wolf Security has released the findings of its global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation-state attacks.
In the survey, 72% of respondents say they worry nation-state tools, techniques, and procedures could filter through to the dark net and be used to attack their businesses. According to HP, these concerns are well-founded. In recent months, evidence has emerged that ransomware gangs have already adopted techniques deployed in the SolarWinds supply chain attack, a trend it says is likely to continue.
"Tools developed by nation-states have made their way onto the black market many times," says HP global head of security, personal systems, Ian Pratt.
"An infamous example being the Eternal Blue exploit that the WannaCry hackers used. The return on investment is now strong enough to enable cybercriminal gangs to increase their sophistication, so they can start mimicking some techniques deployed by nation-states.
He says the recent software supply chain attack launched against Kaseya customers is an excellent example of this.
"This is the first time I can recall a ransomware gang using a software supply chain attack in this way. Now that a blueprint has been created for monetising such attacks, they will likely become more widespread.
According to HP, an independent software vendor (ISV) with a modest-sized customer base that didn't supply government or large enterprises would previously be an unlikely target as a stepping-stone in a supply chain attack. It says ISVs of all types are now very much in scope for attacks that result in compromised software and services being used to attack customers.
Beyond the risk from cybercriminals, the survey found more than half (58%) of ITDMs are worried their business could become a direct target of a nation-state attack. A further 70% believed they could end up being collateral damage in a cyberwar. When discussing specific concerns relating to a nation-state cyber-attack, sabotage of IT systems or data was the main worry, shared by almost half of respondents (49%).
Other concerns include:
- Disruption to business operations (43%).
- Theft of customer data (43%).
- Impact on revenues (42%).
- Theft of sensitive company documents (42%).
"This is a genuine threat that organisations need to take seriously," says Pratt.
"Whether defending against a cybercriminal gang using nation-state TTPs, or a nation-state itself, organisations face an even more determined adversary than ever before.
"Businesses of all sizes need to re-evaluate their approach to managing cyber-risk in the face of this. There is no single tool or technique that will be effective, so organisations must take a more architectural approach to security," he says.