Nation-State Cybercrime Starts with Phishing

February 24, 2022

Nation-state cybercrime is at the forefront of tech discussions this week as Russia and Ukraine move deeper into conflict. The run-up to the escalation in that arena has included several waves of cyberattacks by Russia-aligned nation-state cybercriminals. Those attacks didn’t just target military and government assets; banks and businesses have also been in the line of fire, raising the possibility of nation-state cyberattacks spilling over from this conflict to impact businesses worldwide – and one of the most likely ways that will happen is through phishing

Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>

Risk is Escalating 

The US Cybersecurity & Infrastructure Security Agency (CISA) released a “Shields Up” advisory last week with the aim of warning US businesses of cyberattack danger presented by nation-state threat actors in light of the current Russia-Ukraine conflict. CISA identified Russia as a potential aggressor against US businesses stating, “Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.” The advisory goes on to recommend that all organizations regardless of size or industry adopt a heightened cybersecurity posture. Officials in the UK issued a similar warning.  

That’s because nation-state cybercriminals have been steadily branching out. Threat actors have expanded their efforts to steal data or gain entry to a strategic target by attacking targets in its supply chain. An estimated 90% of Advanced Persistent Threat Groups (APTs) regularly attack organizations outside of the government or critical infrastructure framework. In fact, Enterprises are now the most common targets of state-sponsored cybercriminals.    

Targets of Nation-State Cyberattacks  % of Total 
Cyber Defense Assets 25% 
Media & Communication 14%
Government Bodies12%   
Critical Infrastructure 10% 
Dr. Mike McGuire and HP, Nation States, Cyberconflict and the Web of Profit 

After Colonial Pipeline, people became more concerned about infrastructure attacks, especially nation-state attacks. That is a valid concern; in the Russia-Ukraine conflict, Russia-aligned threat actors made successful forays against power plants, transportation, communications and other infrastructure targets. But Infrastructure and associated targets aren’t the only places the bad guys are looking for marks these days. The Microsoft Digital Defense Report digs a little bit deeper into the aims of APTs, and it’s easy to see that nation-state attacks endanger targets well beyond their expected area of effect. In fact, over 90% of the security alerts that Microsoft generated originated outside of infrastructure. Within the Infrastructure category, 60% of nation-state activity zeroed in on IT organizations, followed by commercial facilities, critical manufacturing, financial services, and the Defense Industrial Base (DIB). 

AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>

Nation-State Cybercriminals Are Still Cybercriminals 

How are nation-state cybercriminals getting the job done? Just like other cybercriminals, they embrace the easiest, cheapest method of perpetrating attacks first: phishing. These days, an estimated 95% of attacks on business networks are the result of successful spear phishing. That’s because no matter what their end goal is or who they’re working for, cybercriminals of every stripe know that phishing is devastatingly effective, and employees are highly likely to fall for it. Employees are constantly fooled by phishing tricks, leading to devastating consequences for their employers. 

  • 1 in 3 employees are likely to click the links in phishing emails.   
  • 30% of phishing messages get opened by targeted users 
  • 1 in 8 employees are likely to share information requested in a phishing email.  

Nation-state threat actors also don’t hesitate to turn to the dark web for data, freelancers and technology that can be snapped up affordably – or even for free. The booming Cybercrime-as-a-Service economy offers them a bounty of resources. As detailed by Microsoft, Spear-phishing-for-hire can cost $100 to $1,000 per successful account takeover, and DDoS attacks are cheap for unprotected sites: roughly $300 USD per month. Ransomware kits cost as little as $66 upfront. But they can also choose to simply farm out the entire phishing operation to a specialist group. In the same vein as ransomware-as-a-service (RaaS), phishing-as-a-service follows the software-as-a-service model that many legitimate companies use. It’s not hard to find one-stop-shopping with complete ready-to-deploy campaigns – or even a subscription box–type model where users pay a monthly fee for regular service.  

The road to security success begins with 5 Steps to Ransomware Readiness! GET IT>>

Even Nation-State Threat Actors Want to Get Paid

State-sponsored or state-adjacent cybercrime groups are also in the business of making money. This is especially important for countries that may be subject to sanctions. Experts estimate that for a rogue state like North Korea, cybercrime is a major industry and a way to bring in what is essentially a national income through cybercrime operations. North Korea makes an estimated $1 billion off of cybercrime yearly. Of course, the money these cybercriminals generate is also in part a way to finance other shadowy operations and further cyberattacks.  

APTs are most likely to be making the lion’s share of their money through ransomware operations. Ransomware is the preferred weapon of nation-state threat actors. It’s a versatile tool that serves several purposes: making money, causing chaos, stealing data, taking down infrastructure, disrupting supply chains, warfare – the possibilities are endless and endlessly unpleasant. The 9th edition of the ENISA Threat Landscape (ETL) report warns that in 2022 their experts expect that “State-backed actors will continue conducting revenue-generating cyber intrusions in pursuit of strategic objectives or personal gain) with varying levels of national responsibility.” 

CISA recently released an advisory in concert with officials in Australia and the United Kingdom warning businesses that phishing remains the top threat for ransomware. CISA has also released guidance to help organizations reduce the likelihood of a damaging cyber intrusion. Those recommendations include: 

  • Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication. 
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes. 
  • If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance
  • Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats. 
  • Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity. 
  • Assure availability of key personnel; identify means to provide surge support for responding to an incident. 
  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident. 

Is your incident response plan ready to roll? Make sure you’ve covered the bases or get started making one with our Cybersecurity Incident Response Guide. DOWNLOAD IT NOW>>

Prevent Phishing & Ransomware Trouble Automatically 

The best way to prevent employees from falling for phishing traps is to prevent them from ever receiving phishing messages. Graphus can take care of that.  

Why should you choose Graphus? Because you’ll get cutting-edge protection from cybercrime at an excellent price. Using AI-powered, automated email security with an award-winning solution is a smart move for businesses of every size. 

  • You’ll gain a powerful guardian that protects your business from some of today’s nastiest threats like spear phishing, business email compromise, ransomware and other horrors that will fit perfectly into your IT budget. 
  • Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing email than a SEG or conventional security.  
  • Get detailed, actionable threat intelligence with the Graphus Threat Intelligence add-on, featuring detailed reports on the malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your users. 
  • Click here to watch a video demo of Graphus now. 

Don’t wait until cybercriminals are dangling tempting lures in front of your employees to take action and provide your business with best-in-class email security. Let us show you how the triple-layered protection that your business gets from Graphus is exactly what you need to keep your organization safe from phishing. Schedule a demo today=> 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus