Nation-State Cyber Threat Landscape: Understanding Its Implications and Safeguarding the Financial Services Industry
The number of cyber adversaries using hands-on tactics to achieve their objectives increased by 50 percent globally in 2022. In particular, financially motivated cybercrime adversaries have matured and refined their tradecraft, with the underground economy thriving as never before.
It is important to highlight, however, that the barrier to entry for committing a cyber-attack has been dramatically reduced. It is no longer just the most highly skilled adversaries, often associated with nation-state activity, who perpetrate interactive cyber-attacks.
In reality, the evolving ecosystem, including an increasing trend around access-broker activity, has opened the door to a whole new class of adversaries.
In fact, sophisticated cybercrime groups have built businesses on the sale of compromised credentials and pre-established access, as well as step-by-step playbooks that enable adversaries of all skill levels to conduct hands-on intrusions. This most often manifests itself as ransomware-as-a-service (RaaS).
In today's digital landscape, financial services have become one of the most targeted industries for cyber threats.
Persistent data breaches and digital attacks targeting Indonesia’s banking industry in recent years, including the breach earlier this year that leaked the personal information of 15 million customers and staff members of Bank Syariah Indonesia (BSI), underscore this challenge.
Digital transformation, including the migration of workloads and applications to the cloud, has also contributed to the increased targeting of the financial services industry.
This, together with the adoption of hybrid-work practices as a result of the pandemic, has expanded the attack surface available to attackers, making customer data management and protection increasingly difficult. In addition, tighter regulatory compliance requirements add more pressure to already stretched financial services security teams.
Understanding the Threat Landscape
The financial services industry, along with government and telecommunications sectors, frequently finds itself in the crosshairs of nation-state threat actors. These actors are driven by political or nationalistic motivations, shaping their objectives and strategies.
For instance, we’ve seen Chinese threat actors align their actions with China's five-year plan, as well as the Made in China 2025 initiative. Their goals range from economic espionage and intellectual property theft to foreign intelligence collection and, in rare cases, even physical infrastructure attacks.
Nation-state actors from the Democratic People's Republic of Korea (DPRK), meanwhile, focus on their National Economic Development Plan and on currency generation, specifically targeting cryptocurrency exchanges and financial technology (fintech) companies for financial gain.
Recent observations by CrowdStrike's OverWatch threat hunting team reveal a staggering surge of more than 130 percent in nation-state intrusions against financial services entities based in the Asia Pacific and Japan (APJ) region in 2022.
To stay ahead of evolving threats and prevent breaches, it is crucial for financial institutions to fully appreciate the threats they face by understanding adversary tradecraft, while also deploying robust security solutions that offer critical visibility and prevention capabilities.
Motivations and Targets
Nation-state threat actors target the financial services industry due to the sector's possession of highly sensitive data, including trade secrets and confidential communications. Moreover, they seek privileged access to industrial systems connected to the internet, expanding their attacks into critical infrastructure such as power plants.
The Vulnerable Sectors in Asia
Within Asia, the financial, government, technology, and telecommunications sectors are among the most vulnerable. Notably, intrusions by China-nexus adversaries accounted for nearly two-thirds of the targeted intrusion activity confirmed in 2022, according to CrowdStrike’s Global Threat Report 2023.
China-nexus threat actors primarily focus on foreign intelligence collection rather than disruption. Telecommunications and technology organizations are especially high-priority targets due to ongoing economic espionage campaigns targeting research and development data, proprietary information, and trade secrets.
Intrusions into telecommunications entities enable adversaries to enhance intelligence collection and surveillance efforts by gaining direct access to foreign telecommunications infrastructure.
Safeguarding the Financial Services Industry
To defend against nation-state cyber threats, financial institutions must adopt a proactive approach. Here are the top five steps to enhance security and safeguard their operations:
- Use integrated, comprehensive endpoint protection: Deploy an integrated endpoint protection platform that includes anti-malware, application control, endpoint detection and response (EDR), vulnerability management, device control, and data protection.
- Embrace cloud-native security: Leverage cloud-native security solutions that provide comprehensive visibility and protection across diverse environments, including on-premises and cloud infrastructure.
- Secure the identity: Organizations should prioritize measures such as multi-factor authentication, privileged access management, and user behavior analytics to detect and prevent unauthorized access attempts.
- Focus defensive efforts on adversary behaviors: By monitoring and correlating diverse data sources, such as network traffic, endpoint telemetry, and threat intelligence, organizations can identify patterns and anomalies associated with malicious activity. This proactive approach allows organizations to detect and respond to emerging threats before they can cause significant damage.
- Know your adversary: Understanding the motivations, techniques, and tactics employed by threat actors is crucial to building effective defense strategies. Organizations should invest in threat intelligence programs and resources that provide insight into the evolving threat landscape. This knowledge empowers organizations to make informed decisions, prioritize security investments, and enhance their overall cybersecurity posture.
Additionally, organizations should foster collaboration and invest in employee education. By following these five steps, financial institutions can safeguard their operations and stay one step ahead of adversaries.
Scott Jarkoff is the director of intelligence strategy for Asia Pacific, Japan, Middle East, Turkey and Africa regions at CrowdStrike, an Austin-based cybersecurity technology company.