Microsoft recently released its annual Digital Defense Report, which is focused on illuminating the evolving digital threat landscape and helping the cyber community understand the most pressing threats. While the report covers five key topics, there is a particular focus on nation-state threats and the rise of cyber mercenaries.
Nation-state threats have taken center stage in 2022 with the launch of Russia’s cyber war on Ukraine, which has continued into 2023. We’re seeing nation-state actors elsewhere increase activity and leverage advancements in automation, cloud infrastructure, and remote access technologies to attack a wider set of targets.
One of the key nation-state trends that emerged in 2022 is an increased focus on IT supply chains. Nation-state cyber threat groups have moved from exploiting the software supply chain to exploiting the IT services supply chain. These actors often target cloud solutions and managed services providers to reach downstream customers in the government, policy, and critical infrastructure sectors. Over half (53%) of nation-state attacks targeted the IT sector, nongovernmental organizations (NGOs), think tanks, and the education sector.
Another trend is the growing use of zero-day exploits. Nation-state actors are pursuing new and unique tactics to deliver attacks and evade detection, and one prime example is the identification and exploitation of zero-day vulnerabilities. Zero-day vulnerabilities are security weaknesses that have, for whatever reason, gone undiscovered. While these attacks start by targeting a limited set of organizations, they are often quickly adopted into the larger threat actor ecosystem.
Perhaps the most concerning trend is the rise of cyber mercenaries. Private-sector offensive actors are growing increasingly common. Also known as cyber mercenaries, these entities develop and sell tools, techniques, and services to clients — often governments — to break into networks and Internet-connected devices. While often an asset for nation-state actors, cyber mercenaries endanger dissidents, human rights defenders, journalists, civil society advocates, and other private citizens by providing advanced surveillance-as-a-service capabilities.
The sophistication and agility of nation-state attacks are only going to continue to grow and evolve. It’s up to organizations to stay informed of these trends and evolve their defenses in parallel. One way to do this is to prioritize patching of zero-day vulnerabilities. Even organizations that are not a target of nation-state attacks have a limited window to patch zero-day vulnerabilities, so don’t wait for the patch management cycle to deploy. Once a vulnerability is discovered, organizations have, on average, 120 days before it is available in automated vulnerability scanning and exploitation tools. We also recommend documenting and cataloging all enterprise hardware and software assets to determine risk and decide when to act on patches.
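The paragraph above ties two recommendations together: keep an asset catalog, and use it to decide which patches cannot wait for the regular cycle. The following is an added example of that decision logic, written for this page and not taken from the Microsoft report; the only figure it borrows from the text is the 120-day average before a disclosed vulnerability appears in automated tooling. Every asset, product, version and advisory id below is constructed for illustration (the `ADV-EXAMPLE-*` ids are placeholders, not CVE numbers), and the ranking rule (exploited in the wild first, then internet-facing exposure, then time left in the window) is an assumption, not a rule the report prescribes.

```python
from dataclasses import dataclass
from datetime import date

# Taken from the page: on average, about 120 days pass between disclosure and
# the vulnerability showing up in automated scanning and exploitation tools.
# Everything else in this file (assets, advisories, ids, versions) is constructed.
WEAPONIZATION_WINDOW_DAYS = 120


@dataclass(frozen=True)
class Asset:
    hostname: str
    product: str
    version: str
    internet_facing: bool


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # constructed placeholder, not a real CVE id
    product: str
    fixed_version: str    # first version that carries the fix
    disclosed: date
    exploited_in_wild: bool


def version_tuple(version: str) -> tuple:
    """Turn '2.4.10' into (2, 4, 10) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in version.split("."))


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """An asset is affected if it runs the product at a version below the fix."""
    return (asset.product == adv.product
            and version_tuple(asset.version) < version_tuple(adv.fixed_version))


def days_until_weaponized(adv: Advisory, today: date) -> int:
    """Days left in the assumed 120-day window; negative means it has elapsed."""
    return WEAPONIZATION_WINDOW_DAYS - (today - adv.disclosed).days


def prioritize_patches(assets, advisories, today: date) -> list:
    """Rank advisories that touch the inventory: exploited-in-the-wild first,
    then by number of internet-facing affected assets, then by time left
    in the window. Advisories with no affected asset are dropped."""
    rows = []
    for adv in advisories:
        affected = [a for a in assets if is_affected(a, adv)]
        if not affected:
            continue  # not in our inventory: nothing to patch
        exposed = sum(1 for a in affected if a.internet_facing)
        remaining = days_until_weaponized(adv, today)
        rows.append({
            "advisory_id": adv.advisory_id,
            "affected_hosts": [a.hostname for a in affected],
            "internet_facing": exposed,
            "days_until_weaponized": remaining,
            "past_window": remaining <= 0,
            # tuple sort key: lower sorts first (False < True, more exposure first)
            "_key": (not adv.exploited_in_wild, -exposed, remaining),
        })
    rows.sort(key=lambda r: r["_key"])
    for r in rows:
        del r["_key"]
    return rows


# Constructed sample inventory and advisories.
ASSETS = [
    Asset("web01", "webserver", "2.4.8", True),
    Asset("web02", "webserver", "2.4.10", True),   # already at the fixed version
    Asset("vpn01", "vpn-gateway", "9.1.5", True),
    Asset("wks-017", "office-suite", "16.0.1", False),
    Asset("wks-018", "office-suite", "16.0.2", False),
]
ADVISORIES = [
    Advisory("ADV-EXAMPLE-1", "webserver", "2.4.10", date(2023, 1, 5), False),
    Advisory("ADV-EXAMPLE-2", "vpn-gateway", "9.2.0", date(2023, 3, 20), True),
    Advisory("ADV-EXAMPLE-3", "office-suite", "16.0.3", date(2022, 10, 1), False),
]


def sample_ranking() -> list:
    """Run the ranking over the constructed data as of a fixed date."""
    return prioritize_patches(ASSETS, ADVISORIES, date(2023, 4, 1))


if __name__ == "__main__":
    for row in sample_ranking():
        print(row)
```

The point of the version parsing is that string comparison would rank "2.4.8" above "2.4.10"; the point of keeping `past_window` separate from the sort is that an advisory whose window has already elapsed should be visible as overdue even when it sits below a more exposed one in the queue.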
Another way to protect your organization is to know your risks and react accordingly. Nation-state groups’ cyber targeting spanned the globe in 2022, with a particularly heavy focus on US and British enterprises. It’s important to stay up to date on the latest attack vectors and target areas of key nation-state groups so that you can identify and protect potential high-value data targets, at-risk technologies, information, and business operations that might align with their strategic priorities.
Finally, organizations must protect their downstream clients. The IT supply chain can act as a gateway to the digital ecosystem. That’s why organizations must understand and harden the borders and entry points of their digital estates, and IT service providers must rigorously monitor their own cybersecurity health. Start by reviewing and auditing upstream and downstream service provider relationships and delegated privilege access to minimize unnecessary permissions. Remove access for any partner relationships that look unfamiliar or have not yet been audited. From there, you can implement multifactor authentication and conditional access policies that make it harder for malicious actors to capture privileged accounts or spread throughout a network.
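The review the paragraph above describes (audit service-provider relationships and delegated privileges, remove anything unfamiliar or not yet audited, trim unnecessary permissions) is mechanical enough to script once the relationships are exported from your identity platform. The following is an added example of that review logic, written for this page rather than taken from the report or from any vendor's tooling. It assumes an exported list of partner relationships with their delegated roles and last audit date, plus an approved list that records the minimum roles each known partner needs; partner names, role labels, dates and the 365-day audit-age cutoff are all constructed for illustration and do not correspond to any real tenant or identity provider's role names.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed data and assumptions: partner names, role labels and dates are
# illustrative only. A relationship counts as "not yet audited" if it has never
# been reviewed or its last review is older than AUDIT_MAX_AGE_DAYS (assumed).
AUDIT_MAX_AGE_DAYS = 365


@dataclass(frozen=True)
class PartnerAccess:
    partner: str
    roles: frozenset               # roles delegated to the partner in our estate
    last_audited: Optional[date]   # None = never reviewed


def finding(rel: PartnerAccess, action: str, reason: str, roles_to_revoke) -> dict:
    """One review outcome: what to do with the relationship and which roles go."""
    return {"partner": rel.partner, "action": action, "reason": reason,
            "revoke": sorted(roles_to_revoke)}


def review_partner_access(relationships, approved_baseline, today: date) -> list:
    """Return one finding per relationship.

    approved_baseline maps each known partner to the minimum role set its
    service needs. Unknown partners and unaudited relationships are removed
    outright; known, audited partners holding roles beyond their baseline are
    reduced to it; everything else is kept."""
    findings = []
    for rel in relationships:
        if rel.partner not in approved_baseline:
            findings.append(finding(rel, "remove", "partner not on approved list", rel.roles))
            continue
        stale = (rel.last_audited is None
                 or (today - rel.last_audited).days > AUDIT_MAX_AGE_DAYS)
        if stale:
            findings.append(finding(rel, "remove", "relationship not yet audited", rel.roles))
            continue
        excess = rel.roles - approved_baseline[rel.partner]
        if excess:
            findings.append(finding(rel, "reduce", "roles exceed least-privilege baseline", excess))
        else:
            findings.append(finding(rel, "keep", "within baseline and audited", frozenset()))
    return findings


# Constructed approved list: partner -> minimum roles its service needs.
APPROVED_BASELINE = {
    "contoso-msp-example": frozenset({"helpdesk-operator"}),
    "fabrikam-backup-example": frozenset({"backup-operator"}),
    "northwind-monitoring-example": frozenset({"reports-reader"}),
    "adventureworks-siem-example": frozenset({"log-reader"}),
}

# Constructed export of current delegated relationships.
RELATIONSHIPS = [
    # known partner, audited recently, but holding a role far beyond its need
    PartnerAccess("contoso-msp-example",
                  frozenset({"helpdesk-operator", "global-admin"}), date(2023, 2, 1)),
    # known partner, never audited
    PartnerAccess("fabrikam-backup-example", frozenset({"backup-operator"}), None),
    # known partner, audit older than the cutoff
    PartnerAccess("northwind-monitoring-example", frozenset({"reports-reader"}), date(2021, 6, 1)),
    # partner nobody recognises
    PartnerAccess("unknown-msp-example", frozenset({"user-admin"}), date(2023, 3, 1)),
    # known partner, audited, within baseline
    PartnerAccess("adventureworks-siem-example", frozenset({"log-reader"}), date(2023, 3, 15)),
]


def sample_review() -> list:
    """Run the review over the constructed export as of a fixed date."""
    return review_partner_access(RELATIONSHIPS, APPROVED_BASELINE, date(2023, 4, 1))


if __name__ == "__main__":
    for f in sample_review():
        print(f"{f['action']:6} {f['partner']:32} {f['reason']}  revoke={f['revoke']}")
```

The ordering of the checks matters: an unfamiliar partner is removed before its roles are even compared, so a missing baseline entry can never silently turn into a "keep". Running the review on a schedule, rather than once, is what keeps the audit date from going stale.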
Overall, the rise of nation-state cyber threats and the use of cyber mercenaries are a growing concern. Organizations must take proactive steps to protect themselves and their downstream clients. This includes prioritizing patching of zero-day vulnerabilities, understanding their risks, and hardening their digital estates. By doing so, they can stay one step ahead of this evolving threat landscape.