Nation-states and cybercriminals work together to cause more damage
A new report from OpenText finds that collaboration and coordination taking place between nation-states and cybercrime rings to target global supply chains and further geopolitical motives has become a signature trend in the threat landscape.
According to the report, Russia has collaborated with malware-as-a-service operations including Killnet, Lokibot, Ponyloader and Amadey, while China has entered into similar relationships with the groups the report names as Storm0558, Red Relay and Volt Typhoon, typically in support of its geopolitical agenda in the South China Sea.
Attacks are timed to specific events, especially major holidays and announcements of military aid to Ukraine, which makes the upcoming US presidential election a period of heightened risk. Nation-states also favour particular days of the week. For example, Russian cyberattack activity typically follows a Monday to Friday schedule, with spikes within 48 hours of an adversarial announcement. Chinese attacks are less predictable, though any data exfiltration is typically planned for Friday afternoons or Saturdays, when it is less likely to be noticed.
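The day-of-week pattern described above is a weak signal on its own, but it can be folded into egress monitoring. The script below is an added example, not code from OpenText or from the report: it parses constructed outbound-connection log lines (the log format is made up for illustration), builds a per-host baseline of weekday transfer sizes, and flags transfers in the Friday-afternoon/Saturday window that are far above that baseline. The 17:00 cutoff, the 10x factor and the 100 MB floor are assumed tuning values, not figures from the report.

```python
"""Off-hours egress detector (added example, not OpenText's code).

Builds a per-host baseline of outbound bytes during weekday hours and flags
transfers in the Friday-afternoon/Saturday window that dwarf that baseline.
Timestamps are treated as local time; convert from UTC before use in practice.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample of outbound-connection logs (not real data; made-up format).
# 2024-09-09 is a Monday, 2024-09-13 a Friday, 2024-09-14 a Saturday.
SAMPLE_LOG = """\
2024-09-09T10:12:03 host=ws-017 dst=203.0.113.5:443 bytes_out=180000
2024-09-10T14:40:11 host=ws-017 dst=203.0.113.9:443 bytes_out=220000
2024-09-11T09:05:45 host=ws-017 dst=198.51.100.4:443 bytes_out=150000
2024-09-12T16:30:00 host=ws-017 dst=203.0.113.5:443 bytes_out=200000
2024-09-13T11:00:00 host=ws-017 dst=203.0.113.5:443 bytes_out=190000
2024-09-13T17:45:20 host=ws-017 dst=192.0.2.77:443 bytes_out=4800000000
2024-09-14T02:15:09 host=ws-017 dst=192.0.2.77:22 bytes_out=3200000000
2024-09-10T08:00:00 host=srv-db01 dst=198.51.100.4:443 bytes_out=5000000000
2024-09-11T08:00:00 host=srv-db01 dst=198.51.100.4:443 bytes_out=5100000000
2024-09-13T18:00:00 host=srv-db01 dst=198.51.100.4:443 bytes_out=5050000000
"""


def parse_line(line):
    """Parse one 'TIMESTAMP key=value ...' line into a dict."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {
        "ts": datetime.fromisoformat(ts),
        "host": fields["host"],
        "dst": fields["dst"],
        "bytes_out": int(fields["bytes_out"]),
    }


def in_exfil_window(ts, friday_start_hour=17):
    """True from Friday 17:00 (assumed cutoff) through the end of Saturday.
    datetime.weekday(): Monday=0 ... Friday=4, Saturday=5."""
    wd = ts.weekday()
    return (wd == 4 and ts.hour >= friday_start_hour) or wd == 5


def detect(log_text, factor=10.0, min_bytes=100_000_000):
    """Return alerts for window-time transfers that exceed both an absolute
    floor (min_bytes) and factor * the host's weekday baseline mean."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    baseline = defaultdict(list)   # host -> weekday transfer sizes
    window = []                    # events inside the Fri-PM/Sat window
    for e in events:
        if in_exfil_window(e["ts"]):
            window.append(e)
        elif e["ts"].weekday() < 5:
            baseline[e["host"]].append(e["bytes_out"])

    alerts = []
    for e in window:
        hist = baseline.get(e["host"])
        if not hist:
            # No weekday history for this host: fall back to the absolute floor.
            if e["bytes_out"] >= min_bytes:
                alerts.append({**e, "ts": e["ts"].isoformat(), "ratio": None})
            continue
        avg = mean(hist)
        if e["bytes_out"] >= min_bytes and e["bytes_out"] > factor * avg:
            alerts.append({**e, "ts": e["ts"].isoformat(), "ratio": e["bytes_out"] / avg})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f'{a["ts"]} {a["host"]} -> {a["dst"]} {a["bytes_out"]} bytes '
              f'(x{a["ratio"]:.0f} weekday mean)' if a["ratio"] else a)
```

In the constructed sample the workstation's two large Friday-evening and Saturday transfers to the same external host are flagged, while the database server's Friday 18:00 transfer is not, because it matches that host's weekday backup volume. A per-host baseline is what keeps a scheduled job from drowning the alert in noise; in production the window should be combined with destination reputation and user context rather than used alone.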
"Our threat intelligence and experienced threat hunting team have found that nation-states are not slowing down and, as notable events like the US presidential election get closer, every organization in the global supply chain needs to be on high alert for advanced and multiple cyberattacks," says Muhi Majzoub, executive vice president and chief product officer at OpenText. "Based on the report's findings, enterprises need to be prepared for large-scale attacks, making adversarial signals, threat intelligence and defense capabilities more important than ever."
Evasion, misdirection and masquerading techniques are helping adversaries get around enterprise defenses designed for direct attacks. Many attacks are taking advantage of weak security fundamentals, with victims increasing their vulnerability by not taking basic countermeasures.
Global supply chains also offer an indirect means of inflicting damage where the attacker might, for instance, target the operations of a port or transportation network to disrupt a military aid shipment and have an indirect but significant impact on the primary target.
The full 2024 OpenText Enterprise Threat Report is available from the company's site.
Image credit: peshkov/depositphotos.com