Reports indicate increasing threat from state-sponsored cyber attacks – campus technology

Reports indicate an increasing threat from state-sponsored cyber attacks

A variety of new cybersecurity reports highlight the ongoing problem of nation-state-sponsored threat actors. The main culprits have long been Russia, China, Iran and North Korea, all of which appear in recent reports from Microsoft, IBM, Tenable and Fortinet.

Adversarial use of AI in influence operations (Source: Microsoft).

“Nation-state attacks have remained undeterred and have increased in scale and aggressiveness,” Microsoft’s Tom Burt said in an Oct. 15 article titled “Escalating cyber threats require stronger global defense and cooperation.”

Several other reports cite the same culprits, but Microsoft is leading the charge, calling on the government to get involved in combating cybersecurity threats by combining defense strategies with strong deterrence.

“Once again, nation-state threat actors have demonstrated that cyber operations – whether for espionage, destruction or influence – play an ongoing supporting role in broader geopolitical conflicts,” Burt said. “The escalation of cyber attacks is also being driven by the fact that we are seeing increasing evidence of collaboration between cybercrime gangs and nation-state groups sharing tools and techniques.”

To address the problem, Microsoft said it needs to focus on cyber defenses and get buy-in from individual users, business leaders and government leaders.

Highlights of the report include:

  • Russian threat actors appear to have outsourced some of their cyber espionage operations to criminal groups, particularly in operations against Ukraine. In June 2024, a suspected cybercrime group used commodity malware to compromise at least 50 pieces of Ukrainian military equipment.
  • Iranian nation-state actors used ransomware in a cyber-enabled influence operation and marketed stolen Israeli dating website data. They offered to remove certain individual profiles from their data storage for a fee.
  • North Korea is getting into the ransomware game. A newly identified North Korean actor developed a custom ransomware variant called FakePenny, which it deployed to aerospace and defense organizations after exfiltrating data from the affected networks – revealing both information-collection and monetization motivations.

North Korea was also mentioned this month in a report by IBM titled “X-Force Cloud Threat Landscape Report 2024,” which said: “Threat actors are increasingly using trusted cloud-based services such as Dropbox, OneDrive and Google Drive for command-and-control communications and malware distribution,” adding, “North Korean state-sponsored groups, including APT43 and APT37, conducted multi-stage attacks against cloud-based services to distribute remote access trojans (RATs).”

Although this report did not otherwise focus on foreign threats, it did provide the following findings:

  • Phishing is the leading initial access vector. Over the last two years, phishing accounted for 33% of cloud-related incidents, with attackers often using phishing to obtain credentials through adversary-in-the-middle (AITM) attacks.
  • Business Email Compromise (BEC) attacks involve credentials. BEC attacks, in which attackers spoof email accounts and impersonate someone within the victim organization or another trusted organization, accounted for 39% of incidents over the past two years. Threat actors often exploit credentials collected in phishing attacks to take over email accounts and conduct other malicious activities.
  • Demand for cloud credentials on the Dark Web remains despite market saturation. Access via compromised cloud credentials was the second most common initial access vector at 28%, despite overall mentions of SaaS platforms on dark web marketplaces declining 20% compared to 2023.