By: B.K. Gogia
Persistent threats from several nation states have produced a watershed year for cybersecurity. We have watched hackers focus on technology solution providers, service companies, and resellers, exploit on-premises servers, and expose widespread software supply chain vulnerabilities. One of the leading aggressors is Russia, which is suspected of being behind efforts ranging from election misinformation to supply chain disruption. During a recent bilateral meeting, President Joe Biden warned Russian President Vladimir Putin to bring an end to the cyberattacks that have wreaked havoc on American interests.
Russian government-linked hacking groups like APT 28, also known as "Fancy Bear," have been focusing on governments, diplomatic and defense entities, think tanks, NGOs, higher education, and defense contractors. They have been collecting intelligence on defense and geopolitical issues, intelligence that would be useful only to a government. Fancy Bear is known to have run an operation that sought to influence the 2016 U.S. presidential election. Other victims have included government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East.
Russia-based NOBELIUM, also known as "UNC 2452," is an insidious actor linked to the SolarWinds Orion software update supply chain attack. Since then, the SolarWinds attackers have adopted new tactics that make the threat activity harder to trace and allow them to maintain access to compromised networks. Their persistence and willingness to exploit trusted technical relationships, such as technology solution companies and technology resellers, combined with new anonymization tactics built on open-source tools, make them increasingly difficult to detect and attribute. They maintain adaptable and evolving threat vectors by employing full-time teams of skilled developers and operators, making them one of the toughest actors to combat. This past year, Russian threat activity showed that the groups' primary motivation was intelligence collection through data exfiltration, with little evidence that they engaged in disruptive or destructive activity or sought financial gain.
APT 29, also known as "Cozy Bear," is one of the most evolved and capable threat groups. Throughout 2020, APT 29 targeted organizations involved in COVID-19 vaccine development in Canada, the United States, and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines. During 2021, the group continued to target COVID-19 vaccine research and development, and conducted basic vulnerability scanning against specific external IP addresses owned by the targeted organizations. APT 29 is likely to keep targeting organizations involved in COVID-19 vaccine research and development as it seeks to answer additional intelligence questions relating to the pandemic. The group uses a variety of tools and techniques, and predominantly targets governmental, diplomatic, think-tank, healthcare, and energy organizations for intelligence gain.
These Russian government-linked hacking groups' willingness to engage in offensive cyber operations has caused enormous harm, including massive financial losses, interruptions to the operation of critical infrastructure, and disruptions of crucial software supply chains. They have also shown a high tolerance for collateral damage, which leaves anyone connected to a target of interest exposed to opportunistic targeting. These threat actors continue to innovate and identify new techniques and tradecraft to maintain persistent access to victim environments, hinder detection, and confuse attribution efforts.
Software is the lifeblood of the digital age. Plugging individual vulnerabilities as they are identified is not a winning strategy against sophisticated nation-state actors. By now it is apparent that a software-fueled innovation ecosystem that is based on trust, massive interconnectivity, increased interdependencies, and software reuse at scale exposes tremendous systemic vulnerabilities—vulnerabilities that facilitate major disruptive events.
The Biden Administration recognizes that the stakes for our country are high and that hiring highly skilled people is paramount to meeting the demands of cyber defense. Congress has also adopted appropriate bipartisan measures, but there is more to do. We must continue looking for ways to work across party lines to bolster our cybersecurity systems and safeguard against future attacks.
Further, the government must continue to work closely with the internet service providers, cloud service providers, and cybersecurity companies that underpin our infrastructure technology. They have unparalleled visibility into domestic infrastructure. We need these entities to adopt basic cyber hygiene practices, including multi-factor authentication, offsite backups, regular updates, and more. No one is immune from this threat, and we need all hands on deck to properly prepare and respond.
President Biden made clear that the United States will not tolerate Russian-sponsored cybersecurity attacks. Now, we must work together toward commonsense solutions that protect our nation from those looking to cause us harm.
B.K. Gogia is an entrepreneurial business leader with extensive experience in cybersecurity and data science. He resides in northern Virginia.