Dive Brief:
- Nation-state threat actors are targeting organizations, outstripping the ability of cybersecurity professionals to detect them accurately, according to research from Vanson Bourne, on behalf of Trellix and the Center for Strategic and International Studies.
- The report shows 86% of IT decision-makers believed their organizations had been targeted by a threat actor operating on behalf of a nation-state. But only 27% of respondents were confident in their organization’s ability to determine accurately whether a nation-state or criminal actor was behind an attack.
- Nine in 10 respondents said they would like governments to provide additional support and help protect critical infrastructure. The study is based on a survey of 800 IT decision-makers across the U.S., Australia, France, Germany, India, Japan and the U.K. during November and December 2021.
Dive Insight:
There is a chasm between the risk presented by nation-state threat actors and the ability of organizations to defend against such sophisticated and patient adversaries.
The line between certain nation-states and threat actors that operate on their behalf is increasingly blurred, the research shows.
Perpetrators can mask their origin, which provides a certain level of deniability, according to Christiaan Beek, lead scientist and principal engineer at Trellix Threat Labs, and John Fokker, head of cybersecurity investigations and principal engineer at Trellix.
"Nation-state threat actors are persistent and mission-oriented, which makes it that much more difficult for private organizations to defend effectively," said Allie Mellen, analyst, security and risk at Forrester.
While many IT security leaders expressed a high degree of confidence in their ability to trace the source of an attack accurately, the data reveal the hubris.
Three-quarters of respondents suspect a nation-state actor targeted their organizations in the 18 months prior to the study. But only one-third of respondents had a high degree of certainty.
Lisa Monaco, deputy attorney general at the U.S. Department of Justice, said during a roundtable on cybersecurity in October 2021 that criminal hacking groups were increasingly working more closely with nation-states, according to the report. These alliances make it far more difficult to distinguish a pure nation-state attack from a proxy attack that uses a criminal group for cover.
Critical infrastructure providers have been on guard for months amid the increased threat of attacks linked to Russia's war in Ukraine. The FBI, National Security Agency and Cybersecurity and Infrastructure Security Agency have repeatedly warned critical infrastructure providers about the risk of ransomware or state-sponsored attacks against energy, telecom or other sensitive targets in the U.S. or NATO allies.
Unlike criminal actors, nation-state threat actors are not motivated by financial gain and have a great deal of sophisticated resources and patience. As was seen during the SolarWinds attack, blamed on Russia, nation-state actors can lurk inside a compromised network for months without detection.