Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Nation-state threat actors exploit machine identities to run cyber attacks

Venafi research has found that 65 per cent of Australian organisations have changed their cyber security strategy as a direct response to the conflict between Russia and Ukraine.

user iconReporter
Thu, 25 Aug 2022
Nation-state threat actors exploit machine identities to run cyber attacks
expand image

Due to recent shifts in geopolitics, Venafi researchers have observed the significant security impact of the increasing number of nation-state attacks.

In a survey of over 1,100 security decision-makers (SDMs), nearly two-thirds (69 per cent) suspect their organisation has been either directly targeted or impacted by a nation-state cyber attack. Venafi's global survey also revealed that 65 per cent of Aussie organisations have changed their cyber security strategy as a direct response to the conflict between Russia and Ukraine.

According to Kevin Bocek, vice president, security strategy and threat intelligence at Venafi, geopolitics and kinetic warfare now must inform cyber security strategy.

============
============

“Cyber war is here.

"It doesn’t look like the way some people may have imagined that it would, but security professionals understand that any business can be damaged by nation-states.

"We’ve known for years that state-backed APT groups are using cyber crime to advance their nations’ wider political and economic goals," Bocek said.

The SolarWinds attack, which compromised thousands of companies by exploiting machine identities to create backdoors and gain trusted access to key assets, is a prime example of the scale and scope of nation-state attacks that leverage compromised machine identities.

Russia's recent HermeticWiper attack, which breached numerous Ukrainian entities just days before Russia's invasion of the country, used code signing to authenticate malware in a recent example of machine identity abuse by nation-state actors.

Key Australian findings from the Venafi research include:

  • 79 per cent believe we’re in a perpetual state of cyber war;
  • 87 per cent believe geopolitics and cyber security are intrinsically linked;
  • 65 per cent have had more conversations with their board and senior management in response to the Russia-Ukraine conflict;
  • 61 per cent doubt they’d ever know if their organisation was hacked by a nation-state; and
  • 60 per cent think the threat of physical war is a greater concern in their country than cyber war.

Venafi research has also found that Chinese APT groups are conducting cyber espionage to advance China's international intelligence, while North Korean groups are funnelling the proceeds of cyber crime directly to their country’s weapons programs.

Everyone is a target, according to Bocek, who adds that unlike a kinetic warfare attack, it is up to organisations to defend themselves against nation-state cyber attacks.

"There is no cyber-Iron Dome or cyber-NORAD.

"Every CEO and board must recognise that cyber security is one of the top three business risks for everyone, regardless of industry.

"Nation-state attacks are highly sophisticated, and they often use techniques that haven’t been seen before," Bocek said.

Venafi research into the methods used by nation-state threat actors shows the use of machine identities is growing in state-sponsored cyber attacks. The digital certificates and cryptographic keys that serve as machine identities are the foundation of security for all secure digital transactions. Machine identities are used by everything from physical devices to software to communicate securely.

The Venafi research team recommends the only way to reduce risks of machine identity abuse is through a control plane that provides observability, governance and reliability.

"This makes them extremely difficult to defend against if protections aren’t in place before they happen.

"Machine identities are regularly used as part of the kill chain in nation-state attacks, every organisation needs to step up their game.

"Exploiting machine identities is becoming the modus operandi for nation-state attackers," Bocek said.

Venafi’s study, which was conducted by Sapio in July 2022, evaluated the opinions of 1,101 security decision-makers across the United States, United Kingdom, France, Germany, Benelux (Belgium, Netherlands, Luxembourg) and Australia.

[Related: Why companies should prepare for cyber attacks in a time of heightened global conflict]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.