Nation-state actors drive up cyberthreats

By Alexei Alexis for CFODive.com

• Organizations face heightened cyberthreats from malicious nation-state actors seeking to gain access into private and public computer networks — in some cases with the help of unsuspecting insiders, according to a report from cybersecurity firm DTEX Systems.

• The number of DTEX customers asking for support in protecting their organizations against foreign interference has increased 70% since 2022, with most requests coming from critical infrastructure and the public sector, according to the report, released Tuesday.

• “The past year has seen a sharp rise in the stealth and frequency of foreign interference, as state actors weaponize technology to socially engineer trusted insiders,” the report said.

Microsoft, Hewlett Packard Enterprise and UnitedHealth are among companies that have recently reported cyber breaches attributed to nation-state actors.

Unlike cybercriminals, nation-state actors focus on conducting intelligence operations to gain intellectual property and data to serve an economic or military goal, according to a separate report from the Center for Strategic and International Studies, a think tank, and Trellix, a cybersecurity firm.

The risk to organizations is significant, with the average nation-state-backed cyberattack costing an estimated $1.6 million per incident, the report said.

Such attacks also pose an elevated threat to national security, according to the Cybersecurity and Infrastructure Security Agency. The attacks from nation-states involve prolonged network intrusion, allowing for espionage, data theft and system disruption, according to the agency’s website.

The issue has become a growing concern for the Biden administration.

“[W]e’re dealing with a host of unique threats from nation-states aimed at disrupting our democratic society,” FBI Director Christopher Wray said during an April 4 cybersecurity conference at the University of Kansas, according to prepared remarks. “Now more than ever, foreign adversaries like the governments of China, Russia, Iran, and North Korea are using cyber operations to undermine us and achieve their strategic objectives.”

In one example, Microsoft disclosed last month that Midnight Blizzard, a Russia state-sponsored threat actor, was using information it previously stole from the software giant to gain deeper access into the company’s IT systems.

“This has included access to some of the company’s source code repositories and internal systems,” Microsoft said in a Securities and Exchange Commission filing at the time. “To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

Midnight Blizzard, also known as APT29, Nobelium or Cozy Bear, is best known for its intrusions of the Democratic National Committee surrounding the 2016 U.S. election, according to a Reuters report.

When it comes to nation-state cyber attacks, the hardest hit sectors are those with access to intelligence that can be used for economic, military, or technological advantage, according to the DTEX study.

“Increasingly, threat actors are pursuing everything from critical research and innovation IP to classified nuclear intelligence and information on how critical infrastructure operates,” the report said. “Many are exploiting social platforms — from professional networking sites, email, messaging and even dating applications — to hide behind a fake persona and lure insiders into an information exchange.”

The rise of AI has elevated the threat, making such campaigns “an attractive tactic for threat actors, who can now target and outsmart trusted insiders at enormous scale with minimal cost and effort,” the report said.