Threat intelligence and the importance of knowing your ‘attackers’
In times of a global pandemic, the digital world supports us tremendously by keeping the world connected whilst we practice social distancing.
However, what has been overlooked is the rise in online threats, which suggests economies are not ready to go completely digital. Japan has had many reasons to focus on the security of the nation’s cyber defences. Increasing public worry about cyberattacks has been prevalent, and this is also due to low confidence in the government’s preparedness for dealing with an attack of this kind.
As such, Computer Futures held a virtual cybersecurity meet-up hosted by Gino Bautista, along with industry experts to discuss COVID-19 attacks, ransomware, the future of network security and implications for companies.
We welcomed Scott Jarkoff, Director - Strategic Threat Advisory Group APJ and EMEA at CrowdStrike, as our valued guest speaker. In his talk, Jarkoff highlighted the need to ‘know your adversaries’. Businesses tend to focus on executing their defence against cyberattacks, but fail to understand the motivations behind such attacks. This causes them to be reactive rather than preventive when tackling cyberattacks.
Jarkoff posited that “Behind every attack, there is always a human. Those humans can be motivated by patriotism of the nation state, financial gain which is prevalent to e-crime, political or ideological messages through hacktivism.”
Ransomware has been proliferating and e-crime has grown exponentially since 2019. Attackers can be broken down into the sub-categories below.
Types of threat actors you should be aware of today
1. Nation state threat actors
Jarkoff listed some of the top nation state threat actors by country, with Russia being the most sophisticated in terms of capability, followed by China, Iran, North Korea and even Vietnam.
2. E-crime threat actors
These actors are known as ‘Spiders’. ‘Indrik Spider’ and ‘Wizard Spider’ were the most prolific in 2019, making USD100 million in revenue in just one cyberattack case.
3. COVID-19 themed intelligence
The pandemic has opened a new window of opportunity for attackers to lure their victims. This includes attacks that result in inevitable data leakages at a price, and it has spiked the number of e-crime cases.
Types of activities that may trigger cyberattacks across the globe
- Made in China 2025
China wants to reduce its reliance on foreign manufacturers. Instead, it intends to develop an organic manufacturing hub domestically. This move is also part of a shift away from low-quality manufacturing, so that it becomes a more dominant power in a high-tech sector that is recognised across the world.
However, COVID-19 has impeded the productivity of its manufacturing sector, as China was the first country to go under lockdown. This reduction in manufacturing output will also have a long-term impact on the country’s growth.
As such, China also plans to establish a ‘Digital Silk Road’ to rebuild its growth plans and enhance trade, collaboration and innovation with regions like Africa, Asia and Europe.
- Global COVID-19 Vaccine Race
The World Health Organisation has identified a total of 76 projects for development of a COVID-19 vaccine. This has heated up a global competition to be the first to find a cure for the pandemic. As such, speculation about intellectual property theft has been on the rise.
Pharmaceutical companies working on a vaccine, drugs or treatments to fight the coronavirus face an increased risk of cyberattack, according to cybersecurity experts. The security challenges facing these companies are compounded by the fact that many have a large remote workforce, which puts them at bigger risk. People in clinical trials with pharmaceutical companies are equally vulnerable, since their personal information is now being tracked.
- Circus Spider – e-crime in Asia Pacific (APAC)
These e-crime attacks use Netwalker ransomware, which is operated in a ransomware-as-a-service model. Its reach within APAC is growing significantly, and ransom demands can range from USD1,000 to as much as USD3 million.
During the session, a question was raised on whether one should pay the ransom when faced with such attacks. Jarkoff shared that while law enforcement would encourage you not to, it is still ultimately a business decision and there are a lot of variables that go into it. Thus, a risk-based evaluative approach should be taken to decide on this.
Circus Spider’s presence is nonetheless largely felt and seen in the healthcare space, especially during a pandemic, when such attacks have become more prevalent. According to CrowdStrike, Netwalker ransomware has been actively used by criminal actors since September 2019; earlier names given to this ransomware family included Mailto, Koko, and KazKavKovKiz. The use of COVID-19 lures and the targeting of entities in the healthcare sector indicate that the operators of Netwalker are taking advantage of the global pandemic in order to gain notoriety and cover more ground across the world.
Key recommendations to organisations from Cyber experts
While having intel on the technicalities and reporting on them can be essential, what is needed most, as posited by Jarkoff, is having 24/7 human-based threat hunting in place to keep watch for threats. Apart from that, be open to seeking partnerships with industry experts to stay informed and tap the best technologies available today.
Is COVID-19 changing the way cyberattacks are carried out?
No – COVID-19 is in fact utilised as an additional lure that can be used to get people to click on attachments that may contain malware for instance. There have been no apparent changes seen in tactics, but new avenues have emerged.
Nonetheless, what makes Japan unique in comparison to the rest of the world is its inherent use of paper over digital tools. As such, there seem to be fewer major attacks, given the lower adoption of IT compared to other countries. However, one should not remain complacent, as Japan’s IT market is picking up and vulnerabilities may arise in the near future.
Interested to find out more?
Yosuke Shiraishi, Senior Sales Engineer at Netskope, also shared extensive insights on the future of network security and implications for companies in the session. Visit here to read the full report on his talk.