Threat increases from collaboration between nation-states and cybercrime rings

Adversaries are taking advantage of weak security fundamentals and a lack of countermeasures to carry out cyberattacks.

  • Saturday, 28th September 2024 Posted 1 month ago in by Phil Alsop

OpenText has released the results of its 2024 Threat Hunter Perspective. The report found that the collaboration and coordination taking place between nation-states and cybercrime rings to target global supply chains and further geopolitical motives has become a signature trend in the threat landscape.

For CISOs, the question isn’t whether attacks will happen, but what form they’ll take and how enterprises can prepare. According to Cybersecurity Ventures, the cost of cybercrime is projected to reach $9.5 trillion in 2024 and is expected to increase to $10.5 trillion by 2025. To understand the current threat landscape, CISOs need to know not just the types of threats but also who is behind them, when they might occur, why they’re happening, and how they’re executed. Connecting these dots helps threat hunters gain a clearer picture of the risks organizations face, enabling more effective preparation and response.

“Our threat intelligence and experienced threat hunting team have found that nation-states are not slowing down and, as notable events like the U.S. presidential election get closer, every organization in the global supply chain needs to be on high alert for advanced and multiple cyberattacks,” said Muhi Majzoub, executive vice president and chief product officer, OpenText. “Based on the report’s findings, enterprises need to be prepared for large-scale attacks, making adversarial signals, threat intelligence and defense capabilities more important than ever.”

Highlights from this year’s report, which explores comprehensive findings from OpenText threat intelligence and hunters on the front lines of cybersecurity, include:

Organized crime rings are supporting attacks by nation-states—possibly through direct collaboration or coordination—by attacking the same targets at the same time.

Russia has been seen to collaborate with malware-as-a-service gangs including Killnet, Lokibot, Ponyloader and Amadey.

China has entered into similar relationships with the Storm0558, Red Relay, and Volt Typhoon cybercrime rings, typically to support its geopolitical agenda in the South China Sea.

The top threats include Killnet (DDoS attacks), Lokibot (info-stealing malware) and Cobalt Strike (penetration testing tool used by APT groups).

Attackers are keyed in on specific events, especially major holidays, military aid to Ukraine, turning the upcoming U.S. presidential election into a time of imminent peril. Nation-states also target specific days of the week for cyberattacks:

Russian cyberattack activity typically follows a Monday through Friday schedule with spikes within 48 hours of an adversarial announcement.

Chinese attacks don’t follow a set schedule, though any data exfiltration is typically slated for Friday afternoons or Saturdays, when it’s more likely to be missed, with the data broken into smaller chunks to further reduce suspicion.

Evasion, misdirection and masquerading are helping adversaries get around defenses designed for direct attacks. Many attacks are taking advantage of weak security fundamentals, with victims increasing their vulnerability by not taking basic countermeasures.

Nations with weaker cyber defense infrastructure, like the Democratic Republic of Congo, Argentina, Iran, Nigeria, Sudan, Venezuela and Zimbabwe, have all been compromised, broadening the range of potential sources for a large-scale attack.

Global supply chains offer another indirect means of inflicting damage where the attacker might target the operations of a port or transportation network to disrupt a military aid shipment to have an indirect but significant impact on the primary target. 

The promise of AI is on every biopharma’s radar, but the reality today is that much of the industry is grappling with how to convert the hype into...
IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant business data.

‘Playtime is over’ for GenAI

Posted 4 days ago by Phil Alsop
NTT DATA research shows organizations shifting from experiments to investments that drive performance.

GenAI not production-ready?

Posted 4 days ago by Phil Alsop
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient governance to implement GenAI.

AI tops decision-makers' priorities

Posted 4 days ago by Phil Alsop
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100 global IT decision-makers and professionals, the...

The state of cloud ransomware in 2024

Posted 4 days ago by Phil Alsop
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm.
Talent and training partner, mthree, which supports major global tech, banking, and business clients to build job-ready teams, has revealed the...

AI innovation is powering the Net Zero transition

Posted 4 days ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.