Cybersecurity: These countries are the new hacking threats to fear as offensive campaigns escalate

The number of hostile nation-state hacking operations is rising as new countries invest in cyber intrusion campaigns and existing state-backed attack groups take advantage of the rise in organisations adopting cloud applications.

Crowdstrike’s 2022 Global Threat Report details how the cyber threat landscape has evolved throughout the last year. One of those developments is the rise of new countries engaging in offensive cyber operations, including Turkey and Columbia.

In accordance with Crowdstrike’s naming conventions, attacks by Turkish linked groups are detailed as attacks by ‘Wolf’ while attacks by Columbian operations have been Dubbed ‘Ocelot’ – in a similar way to how the cybersecurity names Russian-government backed activity ‘Bear’ or Chinese hacking groups ‘Panda’.

Activity by one of these new groups is detailed in the report; a Turkish based hacking group, dubbed Cosmic Wolf by researchers, targeted data of an unspecified victim stored within an Amazon Web Services (AWS) cloud environment in April 2021.

The attackers were able to break into the AWS cloud environment using stolen usernames and passwords, which also provided the attackers with the privileges required to alter command lines. That means they were able to alter security settings to allow direct Secure Shell Protocol (SSH) access to AWS from their own infrastructure, enabling the theft of data.

SEE: Cloud security in 2021: A business guide to essential tools and best practices

Ultimately, countries are seeing that cyber campaigns can be easier to conduct than traditional espionage and are investing in it.

“There are a lot of countries out there that look at this and realise it’s cheaper, it’s easier and it’s got plausible deniability built into it,” Adam Meyers, senior vice president of Intelligence at Crowdstrike told ZDNet.

“That’s what’s happening – we’re seeing more countries have developed these programs and they’re going to get better at it over time.”

One of the reasons countries are increasing their offensive cyber capabilities is owed to the impact of the global pandemic. Lockdowns and stringent travel checks made it harder for traditional espionage techniques to be effective, leading towards investment in cyber operations.

“It’s created a little bit more demand or accelerated planning around developing cyber capabilities for some of these countries that would have perhaps relied on other means previously,” said Meyers.

The shift towards cloud applications and cloud IT services has also played an unwitting role in making cyber attacks easier. The rise of hybrid working means many employees aren’t based in an office, instead connecting remotely via collaborative applications, VPNs and other services – using a username and password.

SEE: A winning strategy for cybersecurity (ZDNet special report)

That makes being productive while working remotely simpler for employees – but it’s also made things simpler for hacking groups, who can secretly access networks with a stolen – or guessed – username and password.

Some of the biggest cybersecurity incidents of recent years, like the SolarWinds and Microsoft Exchange attacks, have demonstrated how powerful an attack targeting cloud services and cloud supply chains can be, particularly if cloud is misconfigured or poorly monitored.

“As organisations are moving to the cloud and looking to develop better capabilities, threat actors are moving there as well,” said Meyers.

There are, however, steps that organisations can take to help make their networks and their cloud infrastructure more resistant to cyber attacks, including the adoption of a zero trust strategy of not trusting devices connecting to the network by default.

The research paper also recommends that organisations work towards eliminating misconfiguration in their cloud applications and services by setting up default patterns for setting up cloud, so when new accounts are set up, it’s done in a predictable manner, minimialising the possibility of human error going undetected. Cloud architecture should also be monitored and maintained with security updates, like any other software.  

MORE ON CYBERSECURITY