Era of geopolitical instability, economic uncertainty a perfect storm for cyber criminals

By Chris Hutchins, Managing Director Public Policy EMEA at Trellix and John Fokker, Head of Threat Intelligence at Trellix Advanced Research Center

It is not an exaggeration to say we live in unprecedented times. The war in Ukraine, the energy supply crisis, rapidly rising inflation and continued fallout from the COVID-19 pandemic are impacting many facets of our lives.

Economic uncertainty created by Russia’s war against Ukraine has provoked a massive energy price shock not seen since the 1970s, which is taking a heavy toll on the world economy. Uncertainty in the global economy is also generated by a crisis of the globalisation model we know today, and by the need for conventional neoliberal economic models to adapt to a new normal that better balances local and global interests.

These phenomena, according to some analysts, have generated a state of permanent crisis, called “permacrisis” – the word of the year, according to the Collins Dictionary – a situation that can only be managed, not resolved.

The return of war in Europe has also served as a wake-up call for those questioning the EU’s approach to security and defence and its ability to defend its interests, particularly in cyber space. European political and military leadership are increasingly in lock-step on what the security threats are and where we need to deepen co-operation.

The US administration also recognises the need to address geostrategic competition, protect critical infrastructure and combat foreign information manipulation and interference. SolarWinds, Hafnium, Ukraine and other events have prompted bipartisan action from the administration and Congress on new security standards and funding that significantly build on the nation’s commitments and the work of past US governments.

So how is this uncertainty impacting the cyber security of our businesses, our public and private institutions and our democratic values? Is cyber space particularly at risk from cyber criminals and nation state actors looking to capitalise on this uncertainty?

Observations for the global cyber threat intelligence community

At Trellix, the elite team of security researchers that make up our Advanced Research Center continually investigate the threat landscape to provide insightful and actionable real-time intelligence.

What they are observing is concerning. In Q4 2022, Trellix Advanced Research Center observed the most threat detections originating from groups appearing to be backed by China, North Korea and Russia. Cyber as statecraft in the areas of espionage, warfare and disinformation is actively in use by these states in service of political, economic and territorial ambitions.

The war in Ukraine has also seen the emergence of new forms of cyber attacks. Hacktivism has the potential to increase in scale as people supporting both the Russian and Ukraine/Western regimes become savvier and more emboldened to deface sites, leak information and execute DDoS attacks. These individuals are emboldened by a lack of central leadership, along with their desire to attract media attention. They also undertake influencing campaigns, leveraging social media to spread propaganda and misinformation to shape public opinion.

Other more traditional forms of cyber attacks continue. Socially engineered ploys to deceive and manipulate individuals into divulging confidential or personal information, such as phishing, remain prevalent. Organisations cannot and should not overlook the importance of employee education and e-mail security solutions.

The war has also seen a merging of physical and cyber conflict as both sides combine the use of wiper malware with kinetic military activity. Wipers are not new, but they’ve never been observed on this scale.

But what has emerged most clearly is the enhanced public-private partnerships in action to help Ukraine. In 2022, Trellix, Microsoft, Cisco and Google were all actively sharing threat intelligence information with Ukraine and NATO governments, with the EU rapid response team lending support to that provided by the US, which has been removing malware worldwide, disrupting botnets and pre-empting cyber attacks throughout the conflict.

These partnerships have also meant enterprise and government customers have been better prepared for emerging threats, as the security industry shared data, pre-alerted organisations and briefed customers to prevent fallout from future attacks.

International collaboration to outpace adversaries

One lesson we can draw from the conflict is that to address the nation-state threats to western democracies, we must outthink the adversary, something that requires constant collaborative efforts from public and private actors.

Outthinking them also means out-innovating them. Today there is much focus on government and industry retaining and protecting sensitive personal data from access by foreign law enforcement authorities – for example under the US CLOUD Act – by storing their data locally, in their country of operation and residence.

While we do not support laws, or standardisation efforts, mandating European data localisation for storage and processing, Trellix's Global Threat Intelligence offerings can meet the growing desire for on-premises solutions, without sacrificing on security.

Indeed, in these uncertain times, it is essential that customers have the choice to shift away from legacy threat intelligence architecture and solutions such that they can bolster their security perimeter while maintaining their data privacy needs.

Above all, in today’s environment, you need a trusted cyber security partner, a practitioner with the capability to gather data proactively, and one with a platform that can assimilate multiple threat feeds into a constantly evolving defensive posture in real-time.

Global threat intelligence to build resilience

The Trellix Advanced Research Center’s Threat Intelligence Group is just such a partner, detecting trends ahead of the market and advising customers, all while co-ordinating with government and industry partners to provide visibility into the evolving threat landscape. Our mantra is that organisations must operate with a ‘shields up’ approach, which goes far beyond endpoint detection, so that they build defences for resilience and ensure they have the capability to detect anomalous behaviour, even from legitimate tools.

Our threat intelligence capabilities are driven by a team of sought-after experts who support classified investigations, speak at industry events and educate influencers across media, academia, analysts and the public sector, and who have worked over a number of years to inform government security agencies and entities across the Five Eyes and other nations.

Their work empowers Trellix customers, industry partners and global law enforcement with mission-critical insights and research on the threat landscape, from APT groups and nation-state actors to cyber criminal organisations and their behaviours, all leveraging global data feeds from deployed sensors across key threat vectors to stay ahead of the adversary. And this stream of intelligence and insights is continually fed back into product R&D as we continue to update and innovate the roadmap for our XDR ecosystem.

As the geopolitical and economic outlook remains complicated, with a greater level of uncertainty than normal, many organisations may want to reconsider their spending priorities.

But failing to prioritise investment in cyber security intelligence and analysis would be a false economy in an environment of fast-evolving threats and strategies, and a desire by some nation states to destabilise and attack our critical infrastructures while sowing the seeds of disinformation.