Protecting the Supply Chain from Nation-State Attacks
Cybersecurity aims to remain at least one step ahead of cybercriminals at all times. Cyberattacks are often considered to be the actions of bad actors motivated by monetary gain. However, nation-state attackers threaten to disrupt business, educational, and government operations and are often not motivated by money.
What are nation-state attackers?
Nation-state attackers are individuals or groups that a national government or political group sponsors to carry out cyberattacks against another country, industry, or company for various political or ideological purposes. Some of the goals of these groups include damaging critical infrastructure, gaining media attention, or acquiring intelligence (espionage) from businesses or government agencies.
Primary targets of nation-state attacks
According to Statista, the top industry sectors most targeted by nation-state or state-affiliated cyber threat actors from 2020 to 2023 were:
- Education
- Government
- Think tanks and NGOs
- IT
- Communications
Why are attacks carried out?
The main goal of nation-state cyberattacks is primarily to gain access to the target’s critical systems to inject malware. Access can be obtained by stealing login credentials through phishing or social engineering or by exploiting hardware or software vulnerabilities.
There are several motivations for access:
- Espionage – These hackers are attempting to access sensitive data on governments, researchers, or companies. They might try remain undetected for as long as possible to view as much information and traffic as possible.
- Disruption – In addition to accessing sensitive data, these hackers will encrypt the target’s data, bringing their systems to a halt and extorting money in return for their decrypted data. It should be noted that paying a ransom does not always guarantee that the data will ever be restored.
- Finding larger targets – Sometimes, hackers target a smaller entity through a known vulnerability in an effort to access larger profile targets upstream.
Edge devices such as routers, switches, and other hardware directly connected to the internet are often targets of attacks and yet are frequently overlooked. Particularly vulnerable are older devices whose firmware is no longer updated or whose vulnerabilities have been identified but no patches have been issued yet (called “zero-day vulnerabilities”). Zero-day vulnerabilities have a short lifespan and are highly sought after on the Dark Web.
Nation-state attacks and the supply chain
More and more, the global supply chain is becoming a prime target for nation-state attackers because of the multiple systems used to connect suppliers, vendors, and logistics providers. These attacks can affect multiple parties simultaneously.
For example, the SolarWinds attack in December 2020 affected U. S. government agencies and Fortune 500 companies that used SolarWinds software infected with malware from Russian-backed hackers. The cost of the SolarWinds attack is projected to cost each company affected over $18 million, with an overall cost running into billions of dollars. The SolarWinds example is not unique. 2023 saw some of the largest data breaches to date:
- The identity and access management solutions firm Okta was compromised by a hacker using a stolen authentication token. Information on all of its customers was accessed.
- The Russian ransomware organization Cl0p exploited a zero-day vulnerability in file transfer software firm MOVEit’s infrastructure, affecting more than 2600 organizations worldwide. The hackers were able to access multiple company networks and steal their data.
- MGM Resorts and Caesars Entertainment, two high-profile Las Vegas brands, were victims of social engineering attacks that resulted in the theft of customer data and cost both companies a combined total of over $100 million in damages.
Steps to defend yourself
Nation-state attackers typically have access to advanced technical equipment and expertise. While they primarily target other government agencies, critical infrastructure, and large companies, no country, company, or industry is immune to an attack. The phrase “you are only as strong as the weakest link in the chain” applies here: Often, smaller companies that are part of a larger supply chain are targeted to gain access to the larger entities. In addition, the sophisticated cyberattack techniques used by nation-state groups are also finding their way into the hands of bad actors who are using them for monetary gain.
To defeat today’s cybercriminals requires a dedicated effort to ensure the protection of your company’s exposure to internet threats. Passwords are easily compromised, and even Multifactor Authentication (MFA) has proven ineffective against a persistent attacker.
Here are some steps you can take to defend yourself:
- Train your employees to be alert to phishing and other attacks.
- Continually check activity logs and unusual activity for early detection and prevention of cyber threats.
- Perform regular backups of all your data and test the backups to ensure that you can restore your systems in the event of an attack.
- Have a response and escalation plan and revise it regularly to prepare staff on the proper procedures to follow in the event of a security breach.
- Establish and maintain a proactive threat posture. Ensure all hardware, firmware, and software are updated regularly to prevent intrusions.
- Monitor OSINT and the dark web to learn about known vulnerabilities in your hardware or software. It can take days or weeks from when a vulnerability is identified to when the manufacturer provides a fix.
- Institute more robust security measures to gain access to your systems, including:
- Passwordless authentication
- Conditional access policies
- Identity management
- Geofencing
- Periodically audit the vendors with whom you do business. An attack might not be targeted at you, but you can be exposed if your vendor’s network or equipment is compromised.
Download our eBook, Cybersecurity Threats & Countermeasures, to learn more about steps you can take to protect yourself from cyberattacks. Or contact ArcherPoint to learn more about how to safeguard your organization from threats posed by nation-state attackers.