Where advanced cyberattackers are heading next: Disruptive hits, new tech
In November, Ukraine’s president revealed that the country’s IT defenses fended off more than 1,300 Russian cyberattacks, including attacks on satellite communications infrastructure.
The onslaught of cyberattacks highlights one of the shifts in advanced persistent threat (APT) attacks seen in the past year: In 2022, geopolitical tensions ratcheted up, and along with them, cyber operations became the go-to strategy for national governments. While Russia and other nations have used cyberattacks to support military actions in the past, the ongoing war represents the most sustained cyber operation to date and one that will undoubtedly continue in the coming year, experts say.
Military conflict will join cybercrime as a driving force behind APT groups in the coming year, John Lambert, corporate vice president and distinguished engineer at Microsoft’s Threat Intelligence Center, stated in the company’s Digital Defense Report 2022 released last month.
“The conflict in Ukraine has provided an all-too-poignant example of how cyberattacks evolve to impact the world in parallel with military conflict on the ground,” he said. “Power systems, telecommunication systems, media, and other critical infrastructure all became targets of both physical attacks and cyberattacks.”
While the increased use of APT attacks by Russia is the most visible change that occurred in the past year, APTs are evolving. More are moving onto critical infrastructure, adopting dual-use tools and living-off-the-land techniques, and pinpointing the software supply chain to gain access to targeted companies.
Cybercriminals are using increasingly sophisticated tools, but APT techniques are typically attributed to nation-state operations, meaning that companies need to become more aware of the techniques used by advanced actors and how they may be motivated by geopolitical concerns, says Adam Meyers, senior vice president of intelligence for cybersecurity services firm CrowdStrike.
“You don’t have one uniform threat — it changes by business vertical and geo-location,” he says. “You — and this has been our mantra for many years — don’t have a malware problem, you have an adversary problem, and if you think about who those adversaries are, what they are after, and how they operate, then you will be in a much better position to defend against them.”
Critical Infrastructure, Satellites Increasingly Targeted
In 2021, the attack on oil-and-gas distributor Colonial Pipeline highlighted the impact that cybersecurity weaknesses could have on the US economy. Similarly, this year’s attack on the Viasat satellite communication system — likely by Russia — showed that APT threat actors have continued to focus on disrupting critical infrastructure through cyberattacks. The trend has gained momentum over the past year: Microsoft warned that the number of nation-state notifications (NSNs) the company issued as alerts to customers more than doubled, with 40% of the attacks targeting critical infrastructure, compared to 20% in the prior year.
Critical infrastructure is not just a target of nation-state actors. Cybercriminals focused on ransomware are also targeting critical infrastructure companies, as well as pursuing a hack-and-leak strategy, Kaspersky stated in its recently published APT predictions.
To read the complete article, visit Dark Reading.