Vulnerabilities / Threats

6/21/2018
05:44 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Destructive Nation-State Cyberattacks Will Rise

More than 90 percent of respondents in a Tripwire survey in Europe expect attacks by state-sponsored threat actors to increase in the next 12 months.

Incidents like last year's WannaCry attacks by suspected North Korean threat actors and the more recent news about Russian hackers taking control of hundreds of thousands of network routers worldwide have clearly spooked the enterprise infosec community.

Security vendor Tripwire surveyed attendees at Infosecurity Europe 2018 in London earlier this month and found 83% of the 416 respondents saying they expected nation-state attacks against critical infrastructure targets in Europe to increase in the next 12 months.

The same proportion of respondents expected the attacks would go beyond espionage and cause service disruptions and actual physical harm to the victim organizations. Recent news about malware campaigns like Triton/Trisis and Industroyer/CrashOverride appear to be feeding those fears, Tripwire said in a blog announcing survey results.

More than 9-in-10 of the respondents—93%—expected an overall increase in attacks led by state-sponsored actors.

The results are unsurprising considering all the recent attacks and news worldwide involving state-sponsored threats, says Tim Erlin, vice president of product management and strategy at Tripwire.

Just in May for instance, the FBI disclosed that Russian persistent threat actor, the Sofacy group, had managed to infect more than 500,000 home-office routers and network attached storage devices worldwide with malware for remotely controlling them. Many security experts have expressed concern that infected devices could be used to launch DDoS and other attacks against organizations worldwide.

Similarly, last December's news that a threat actor had used a highly sophisticated malware tool dubbed Triton/Trisis to disrupt operations at a critical infrastructure facility in the Middle East, has stoked widespread concern about cyberattacks causing massive physical damage. In a survey that Dimensional Security conducted for Tripwire earlier this year, 70% of 151 respondents from energy and oil and gas companies expressed worry about cyberattacks causing catastrophic physical harm, such as explosions, at their facilities.

"The main takeaway from these survey results is that organizations are increasingly concerned about nation-state attacks," Erlin says. Many are making specific investments to defend against the growing threats, he says. Forty-four percent of the respondents in Tripwire's survey for instance said that malware like Triton/Trisis and Industroyer/Crashoverride used in attacks against Ukraine's electric grid, had driven increases in ICS security spending.

Concerns over nation-state attacks are certainly not limited to Europe. A similarly high degree of apprehension over the threat exists among US companies and organizations elsewhere. "Many of them have been affected by notable attacks, and many more by less well-known or public incidents," Erlin says. "Nation-state cyberattacks are not a geographically limited problem."

Expectedly, critical infrastructure organizations are more concerned about the threat because of the potential impact of a successful attack, he says. "Other industries are also concerned, but their concerns are centered more around operational impact than safety," Erlin notes.

Tripwire's survey at Infosecurity Europe 2018 showed that many organizations are not just cognizant about the heightened threat activity but are responding to it as well. More than two-thirds, or 69%, said their organizations had stepped up efforts to defend against nation-state attacks over the past 12 months. The results also revealed a somewhat surprisingly high degree of confidence among respondents, with 22% saying they felt "very prepared" and 60% saying they felt "fairly prepared" to defend against nation-state attacks. A bare 18% said they were unprepared.

"It’s common for individuals to express confidence in their own defensive capabilities, while simultaneously expressing a lack of confidence in everyone else," Erlin says. "The fact is that successful attacks continue to take place. Consistently and comprehensively implementing foundational security controls is the best way to reduce your risk."

Related Content:

Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
6/24/2018 | 10:50:05 PM
"Well, NOW I'm expecting it!!!"
Surveys like this always leave me suspicious. I strongly suspect that a lot of the respondents affirming these fears simply weren't thinking of them until they read the survey question.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634
PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.