Two-thirds of Attributable Malware Linked to Nation States
Most of the attributable malware used in attacks on Netskope customers over the past year are linked to state-backed groups, the vendor has claimed.
The SASE provider based its findings on 12 months of data collected from customer environments, claiming the largest share of malware attacks came from North Korean groups, followed by China and Russia.
The figure could be even higher, given that Microsoft revealed this week that state-affiliated actors are outsourcing operations to cybercriminals.
Taken at face value, the Netskope findings would seem to validate warnings from the security services that state-backed cyber-threats are spiralling out of control. MI5 director general, Ken McCallum, warned last week of the growing digital threat from Russia in particular.
However, the findings shouldn’t be interpreted as “66% of all cyber-attacks are state-backed,” because not all attacks feature malware.
Read more on state-sponsored threats: “Disturbing” Rise in Nation State Activity, Microsoft Reports.
Ray Canzanese, Director of Netskope Threat Labs, was also at pains to point out that attribution can be challenging, which further clouds the picture.
“Adversaries try to hide their true identities or even intentionally launch false-flag operations wherein they try to make their attacks appear as though they came from another group. Multiple groups often use the same tactics and techniques, some going as far as to use the same exact tooling or even share infrastructure,” he told Infosecurity.
“Even defining adversary groups can be challenging, as groups evolve or members move between groups. For these reasons, adversary attributions are an ongoing process, subject to change and evolve as new information comes to light and the landscape shifts.”
Indeed, looking at data breaches alone, the latest Verizon analysis reveals that financially motivated attacks – largely carried out by cybercrime groups – comprised over 90% of the total analyzed by the vendor last year.
From Profit to Destruction
However, Netskope’s warnings certainly carry some weight as emboldened nation state actors expand their operations. The security vendor said that a growing number of attacks target cloud applications for entry and exfiltration – with North Korean actors focusing mainly on profit, while China and Russia target high-value victims such as critical infrastructure providers for disruption and cyber-espionage.
“There is no doubt that we are witnessing a global escalation of cyber-attacks carried out by nation state actors as a form of ‘quiet war’ on nation states that are currently officially at peace,” argued Netskope CEO, Sanjay Beri.
“Understanding these nuances is critical for businesses and individuals operating in today’s connected world – because the first and most important step in putting in place the best cyber defense strategy is understanding who is targeting you, what their goals are, and how they’re trying to achieve them.”