What businesses should do to protect against state-aided cyber attacks

Nation state cyberthreats are growing in prevalence, persistence, and scale across the globe. As evidenced by the latest activity in Ukraine, nation state actors are emboldened to take action via cyberspace. In fact, Trellix’s most recent Threat Labs Report: April 2022 detailed an upsurge in cyber threats likely from a Russian-backed actor in the fourth quarter of 2021.

In the first quarter of 2022, it was found that threat campaigns including HermeticWiper were focused on weaponising cyberthreats against Ukrainian infrastructure in the Eurasia region conflict. This trend is compounded by new research from Trellix and the Center for Strategic and International Studies (CSIS) that reveals Australian businesses believe Russia (47%) and China (46%) are most likely behind the nation state attacks that have targeted their firms.

97% of Aussie businesses believe they have been targeted by a cyberattack conducted by a group acting on behalf of a nation, with the average attack costing about $1.5m per incident.

So, who’s most at risk?

In Q4 2021, we saw a big increase in cyberactivity targeting essential sectors, including:

  • Transportation and shipping were the target of 27% of all persistent threat detections.
  • Healthcare was the second most targeted sector, bearing 12% of total detections.
  • From Q3 to Q4 2021, threats to manufacturing increased 100%, and threats to information technology increased 36%, according to research.
  • Of Trellix clients, the transportation sector was targeted in 62% in Q4 2021.

How can businesses best protect themselves?

While the implications of cyberattacks on critical infrastructure are far more sinister, wherever you operate you’ll only be able to keep up with prevalent threats when you adopt cybersecurity defenses that evolve alongside them. But where do you even start?

Get clear about what you are actually trying to protect

If you’re not sure where to start, identify the high and low-priority targets within your organisation—that is, what assets attackers are likely to want most and least—and guide your internal cybersecurity planning and process accordingly before you fall victim.

Aussie respondents to a recent survey identified access to consumer data such as client and citizen records (47%) and access to confidential information such as business or government information (42%) as the top motivations for the nation state cyberattacks on their organisation within the past 18 months, as well as in the future (86% and 43% respectively).

Maintain your cyber hygiene

High-profile cyber incidents such as the infamous attack on SolarWinds serve as a reminder that basic security measures are not to be overlooked or underestimated in their ability to thwart attackers. Whether that be routine patching and updating, maintaining logs, using encryption for sensitive data or implementing multifactor authentication for all users, the simplest and most easily implemented actions can be extremely effective in mitigating risk.

Don’t let cobwebs form around your cybersecurity posture

State-aided cyberattacks often succeed because firms attempt to use outdated IT infrastructure to protect against the sophisticated techniques these actors use. Adequate protection against evolving threats requires a more holistic and integrated approach to cybersecurity: enter Extended Detection and Response (XDR).

Combining data from the whole landscape of IT assets, including mobile devices, emails and cloud infrastructure, Extended Detection and Response aims to simplify security management, enabling firms to identify and stop threats with higher efficacy. Only 31% of Australian respondents to our recent survey reported fully deploying EDR-XDR solutions.

24% have deployed cloud cybersecurity modernisation, under a quarter have deployed multifactor authentication (24%), and fewer than a fifth (16%) have deployed zero trust.

We are at a rather critical juncture in cybersecurity and are observing increasingly hostile behavior from nation states across an ever-expanding attack surface—particularly as it targets the world’s critical infrastructure. By taking these steps that both cover the basics and call for the deployment of the latest and most robust security frameworks, businesses of all industries will be better placed to protect themselves from trending threat vectors.

Christiaan Beek is the Lead Scientist and Principal Engineer at Threat Labs, Trellix.