The evolving threat landscape: nation state, third party attacks and cyber vandalism

Connected devices and flexible working practices may be beneficial to employees, but they have caused the boundaries of organisations to ebb and flow more than ever before. This, combined with increasingly complex partner ecosystems, means the days are over where a firewall alone was sufficient protection to halt those with malicious intent.

In the modern business landscape, the use of third party suppliers is prolific. In fact, a recent survey from Thomson Reuters entitled ‘Third Party Risk: Exposing the Gaps’ found that 70 per cent of organisations have become more flexible and competitive because of third party relationships. 

With this in mind, plus the fact other businesses now have responsibility for your privacy, it’s no longer enough for businesses to understand just their own security set up. Every organisation within a company’s supply chain needs to be equally aware of, and shored up against, the risks posed by the evolving threat landscape.

Getting to know your third parties

With regulations such as General Data Protection Regulation (GDPR), Open Banking and the Second Payment Services Directive (PSD2) on the horizon, it’s critical for organisations to know and understand their entire ecosystem. By undertaking overarching audits on a regular basis and turning this into a mandated process, business can do just that. It also presents them with an opportunity to foster good threat intelligence sharing regimes and protect the whole supply chain from attackers. 

For businesses in this situation, ensuring there isn’t a weak link in the chain can be the difference between being hit with an attack or crippling fine, or not. At a time when cyberattacks are big news and hitting the headlines on almost a daily basis, working closely with third parties in the supply chain on cyber strategy is the best way to ensure business survival and avoid failure.

The psychology of a hacker

While attacks on third parties aren’t new, they are becoming more prolific. This evolution in the threat landscape is also being identified elsewhere in the industry, with one key example being the significant rise in cyber vandalism which has become apparent in recent years. On the plus side however, there is now much more data available to businesses allowing them to identify changes in attackers’ approaches and protect themselves before they become an issue. 

Using cyber vandalism as an example, it’s often difficult to see what reward comes from these form of attacks. This may be students looking to show off their cyber talents, researchers inventing new methods of infecting a system, or even developers who are creating more professional and serious viruses – this is often true of the state sponsored attacks too. Despite this, whoever the attacker, it’s quite safe to say that it’s very rare to be able to identify a motive for cybercrime like this.  

Looking at the Petya attack as an example, the motives of the attackers behind it are still a mystery. Unleashed in networks just two months after the WannaCry breach in July 2017, the United Nations’ top cybercrime official claimed that, while the attack was incredibly advanced and sophisticated, their strategy suggested money was not the motive. This makes attribution very difficult, as without a clear motive behind an attack – in this case, the use of highly unsophisticated attack vectors could challenge the nation state attribution assertion – it’s almost impossible to identify a pattern in behaviour and prevent future attacks.

Taking immediate action

Enterprises at all stages of the supply chain are under a constant barrage of cyberattacks. With the threat landscape evolving in these various ways and attacks becoming ever-more sophisticated, having time to stop and think about the actor behind the malicious intent may seem like a luxury. However, businesses need to start looking at cyberattacks from the adversary’s perspective to understand what is most attractive to an attacker. Is it more lucrative for them to attack the smaller businesses in the chain in a bid to reach the larger organisations, or will they go straight for the jugular and the top of the chain?   

Without this understanding problems will persist and organisations will fall further behind new developments as the threat landscape continues to evolve. Corporations need to act now if they are to ensure their cybersecurity strategies are keeping up with the attackers. Only then can they prevent the next newspaper headline from featuring their name – or the name of one of the organisations within their networks.     

Chris O’Brien is Director of Intelligence Operations at EclecticIQ. Before joining EclecticIQ, Chris held a post as Deputy Technical Director in the NCSC specialising in technical knowledge management to support rapid response to cyber incidents.