Two-thirds of attributable cyber attacks now come from state-backed attackers, lending weight to warnings from national security agencies about the scale of the threats faced by enterprises and public services alike.
Analysis from Netskope shows a marked escalation in state-sponsored attacks in recent years, with the company warning this trend shows no sign of slowing down.
Sanjay Beri, CEO and co-founder of Netskope, said cyber attacks waged by nation state actors now represent a form of ‘quiet war’.
“Under the surface of this worldwide escalation is a varied picture of different states pursuing widely divergent cyber attack strategies,” he said.
While attention has largely focused on the risks from Russia, China and Iran, data from Netskope indicates that North Korea is currently the world’s biggest offender in terms of the number of victims.
It’s been targeting victims en-masse through cyber crime and cryptocurrency theft, with the goal of stealing money to fund its military.
China and Russia, meanwhile, account for the second and third greatest number of attacks. Unlike North Korea, however, their goal is to disrupt and damage highly targeted pieces of critical national infrastructure, leading to a smaller number of higher impact, more targeted attacks.
Examples include the targeting of NHS England and the Electoral Commission, both of which were highly disruptive.
“The difference between North Korea’s cyber ‘carpet bombing’ and Russia’s ‘precision strikes’ means that if you’ve fallen victim to an online phishing attack, it’s unlikely that Russian government-backed actors were the cause,” said Beri.
“If, however, a critical piece of national infrastructure is down, then it’s more likely that they are. Understanding these nuances is critical for businesses and individuals operating in today’s connected world – because the first and most important step in putting in place the best cyber defense strategy is understanding who is targeting you, what their goals are, and how they’re trying to achieve them.”
Earlier this summer, the UK’s National Cyber Security Centre (NCSC), along with US and South Korean authorities, warned that a North Korea-linked threat group known as Andariel was compromising organizations around the world to steal sensitive and classified technical information and intellectual property data.
While it mainly targeted defense, aerospace, nuclear, and engineering entities, it also hit organizations in the medical and energy sectors to a lesser extent, stealing information such as contract specification, design drawings, and project details.
In March this year, the UK government warned that the Chinese state-sponsored attacks on parliamentarians and on the Electoral Commission would not be tolerated.
This particular incident prompted the government to summon the Chinese Ambassador and sanction a front company and two individuals identified as members of the APT31 hacking group.
Similarly, late last year, Russian-backed threat actors were thrust into the spotlight after the NCSC exposed a campaign by Russian Intelligence Services to interfere in UK politics and democratic processes.
More from ITPro
Source link