Earlier this month, Ukraine was the target of a series of cyberattacks, alleged to be part of a larger hybrid warfare campaign conducted by Russia. While geopolitical issues are beyond the scope of this blog post, these attacks should serve as a reminder for us all to pause and evaluate the impact state-sponsored cyber campaigns can have on enterprises and their InfoSec strategies, and what actions they can take.
How Do State-Sponsored Cyberattacks Affect Us?
“The supreme art of war is to subdue the enemy without fighting.” — Sun Tzu, The Art of War
The goal of these kinds of cyberattacks is typically to cripple critical services the country’s military and citizens rely on, often in advance of conventional war. They divert the attention of political leaders, fuel domestic unease, and affect military morale, all aimed at weakening an adversary before any conventional tactics are even used. Such campaigns are often covert, can be seeded in “peaceful” times, and can extend over long periods.
Unfortunately, the battleground for these cyber campaigns can be your IT infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) identifies 16 critical sectors “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” By encrypting critical information with or without ransomware demands; launching Tbps-scale DDoS attacks, and in worse cases; and controlling operational technology (OT) networks (with initial access gained through IT networks), attackers can cause economic, political, and social chaos.
Add to that espionage. Targeting of public and private sector organizations by foreign intelligence services is an old tactic, but the use of malware to steal trade secrets like blueprints and source code is relatively new. This can affect a targeted company’s ability to compete in the market and lead to reputational damage as well as legal and other costs.
Actions You Can Take Today
Advanced persistent threat (APT) groups that launch highly focused, sophisticated, and well-funded campaigns often drive state-sponsored cyberattacks. But even APTs tend to reuse familiar tactics such as spear phishing, brute force access (through commonly used and stolen credentials), and command-and-control connections via a domestic proxy. CISA outlined critical mitigation mechanisms against common attack tactics in a January 11 alert. But in addition to enforcing appropriate tools and policies, InfoSec leaders have a critical role to play, as well. Let’s look at three things they can do.
- Build efficiencies and automation to refocus cybersecurity experts: There’s more cybersecurity work to do than there are cybersecurity professionals, so it’s critical to increase efficiencies and add automation to reduce workloads. As you explore advanced cybersecurity methods such as MFA, zero trust access, app security for hybrid multi-cloud architectures, and ML-based anomaly detection, focus on reducing vendor and tool sprawl.By consolidating vendors and choosing those that offer greater automation and interoperability with your existing environments, you can redirect highly skilled InfoSec workers to more intensive tasks such as threat hunting and penetration testing, while upskilling workers from other parts of IT for easier administrative tasks of managing cybersecurity infrastructure.
Two-thirds of organizations (66 percent) are actively consolidating the number of cybersecurity vendors they do business with. — ESG
- Make 2022 the “No Phishing” year: Spear phishing is a commonly used tactic. Why? Because it works! It’s important to focus on altering employee behavior to identify and alert IT to phishing attempts, rather than just working to raise employee awareness around general cybersecurity issues. Gamification of phishing tests with positive reinforcement and connecting employees directly with the InfoSec team (e.g., a Slack channel to report suspicious emails) are easy approaches that can yield high returns.
- Protect your supply chain: Customer-facing apps and services are an increasingly critical part of enterprise revenue streams, driving customer engagement and stickiness. Organizations must prioritize the security of the apps and the data within them. Supply chain attacks from APTs such as REvil and NOBELIUM inserted malicious code in software updates, affecting thousands of organizations downstream, and the trend is only expected to get worse.As part of any cybersecurity overhaul, you must protect your organization against supply chain attacks and secure your own software supply chain against external and internal threats. Ask yourself, are your software developers accessing their development environments through a secured DaaS solution (to minimize intellectual property stored on endpoint devices) that offers functionality like MFA, anti-keylogging, and clipboard access controls? Do you have controls for data loss prevention and anomaly detection? Comprehensive protection of your supply chain will help you secure your trade secrets and ensure your software isn’t as a threat vector that can harm your customers.
Those are just three ideas to help you get started. Conflicts between nations extend into the cyber world today and can affect everyone. Our opportunity here is to share best practices and threat insights and collaborate to ensure everyone, everywhere is protected and to reduce the efficacy of cyber campaigns. Ultimately, this will require changes in government policy, business cultures, and how vendors partner with each other. It’s an ambitious goal, but it’s one worth striving for.
As always, Citrix is happy to advise and assist your organization in its cybersecurity efforts. Reach out to us so we can help you get started.
