1 August 2023


Nation state actors: what's next on the cyber threat landscape horizon?


In this special edition of our Cyber Intelligence Briefing podcast, S-RM experts Paul Caron and Stephen Ross – both leaders within S-RM’s US cyber security team – discuss nation state backed cyber crime and how it impacts the threat landscape. They look at last year’s ransomware dip, what’s happening on the ground today and raise the question ‘what is next on the threat landscape horizon?’


Listen to the latest S-RM podcast on YouTube 

 

 

Attribution challenges: the intricacies of nation state threat actors

 

In physical conflict, groups with direct or indirect links to a government can receive various forms of support, including funding, space to operate within the borders of that country, or technology to refine their operations. The same is true in the realm of cyber. Nation-state threat actors operate with a layer of government support, which complicates the task of identifying the true perpetrators behind cyber attacks. Their substantial resources, funding, and access to cutting-edge technology create a strong barrier and an incredibly complex breadcrumb trail for investigators to follow when attempting to trace the attacks back to their origins.

“War historically has been land, sea, air. We then got into space. Now we are thinking about cyber space.”

Paul notes that as humans we naturally want to know ‘whodunnit’, but ransomware attribution is extremely difficult to pin down without a repeated connection to malware or an identifiable leverage pattern. It is easy to point fingers at a country alone, but the level of complexity is ‘astronomical’, with criminal organisations often doing the majority of the dirty work.

 

Impact of Russia’s invasion of Ukraine on the cyber threat landscape in 2022

 

Amidst the early tensions of the Russia-Ukraine conflict, experts anticipated a surge in ransomware attacks in the West as part of Russia's military doctrine. However, the unexpected occurred: ransomware attacks notably decreased. As Paul explains, this pause was due to cyber criminals shifting time and resources away from attacking the West and instead directing attacks at each other, specifically across Russia and Ukraine, by groups with close direct or indirect affiliations with those countries.

 

What’s happening today and what we think will happen in the near future

 

Today, we have seen an uptick in ransomware activity. Paul notes that threat groups are still financially motivated and, having ‘paid homage’ to their state, have returned to what they do best. But the threat landscape isn’t the same: there are new groups coming online, some forming when older groups fracture, perhaps owing to differences of opinion or political or socio-economic ideals. Others are still large but evolving, reforming with slight differences and becoming ‘multi-threaded’ ventures, that is, one principal group operating under three or four different names, each with small differences in focus or types of attack such as credential compromise or social engineering, but still rolling up into the principal group.

Paul and Steve predict a continued upswing in attacks, in particular data exfiltration where attackers utilise local applications within corporate networks, camouflaging their presence and making tracing their actions exceedingly difficult, alongside social engineering attacks targeting high-level executives, threatening their reputation and/or brand, thereby putting increased pressure on how they handle the attack.

Finally, we may also see high-value individuals, such as influential business leaders and affluent personalities, increasingly become direct targets for ransomware – where the threat actor bypasses the need to go through an organisation to reach their goal.

 

Cyber Intelligence Briefing

 

Authors

Paul Caron
Head of Cyber Security, Americas

Paul is S-RM’s Head of Cyber Security, Americas. Paul has over 20 years of experience spanning both the private and government sectors in roles across leadership, military intelligence and counterterrorism, and cyber security leadership & engagement delivery. Before joining S-RM, he was the Managing Director of Incident Response for a global consulting firm. In this role, he used his experience to help clients who were experiencing complex ransomware attacks.

After a career in the U.S. Army, where he was a subject matter specialist in various facets of the Intelligence and Special Operations fields, Paul joined PwC. At PwC, he was an engagement manager and focused on cyber security strategic transformation projects. He has significant experience advising Fortune 100 clients through proactive security transformation efforts and post-breach remediation activities. He has a strong track record of partnering with senior security leaders to mature their cyber security programs on their strategic journeys.

Paul holds an MBA from Norwich University. He was in the first graduating class of the Norwich University Strategic Studies and Defence Analysis program. He is also the co-author of “Security Supervision and Management: Theory and Practice of Asset Protection.”

Stephen Ross
Head of Business Development, Americas

Steve is S-RM’s Head of Business Development in the Americas, coordinating both Cybersecurity and Corporate Intelligence practices. He has over 13 years of experience in the cybersecurity and intelligence fields working with the federal government, large enterprises, and small businesses alike. Steve got his start in information security through his time in the United States Marine Corps as a special operations signals intelligence operator and linguist. After leaving the Marine Corps, Steve transitioned to the private sector as a cybersecurity and privacy consultant.

Steve specializes in enterprise risk management, data privacy and security, and client relationships. He has a wealth of experience across multiple industries including technology, media and entertainment, and telecommunications. Steve has led numerous security risk assessments, written information security policies, and built cyber risk management teams across multiple industries and competencies. Steve has served as lead for incident communications, developed cyber risk-centric automations, and performed countless contractual reviews and negotiations.
