It is not an exaggeration to say we live in unprecedented times. The war in Ukraine, the energy supply crisis, rapidly rising inflation and continued fallout from the Covid-19 pandemic are impacting many facets of our lives.
Economic uncertainty created by Russia’s war against Ukraine has provoked a massive energy price shock not seen since the 1970s which is taking a heavy toll on the world economy. Uncertainty in the global economy is also generated by a crisis of the globalization model we know today, and by the need for conventional neoliberal economic models to adapt to a new normal that better balances local and global interests.
These phenomena, according to some analysts, have generated a state of permanent crisis, called “Permacrisis” – the word of the year according to the Collins Dictionary – a situation that can only be managed, not resolved.
The return of war in Europe has also served as a wake-up call for those questioning the EU’s approach to security and defence and its ability to defend its interests, particularly in cyberspace. European political and military leadership are increasingly in lock-step on what the security threats are and where we need to deepen cooperation.
The U.S. administration also recognises the need to address geostrategic competition, protect critical infrastructure, and combat foreign information manipulation and interference. SolarWinds, Hafnium, Ukraine and other events have prompted bipartisan action from the administration and Congress on new security standards and funding that significantly builds on the nation’s commitments and the work of past U.S. governments.
So how is this uncertainty impacting the cybersecurity of our businesses, our public and private institutions and our democratic values? Is cyberspace particularly at risk from cyber criminals and nation state actors looking to capitalise on this uncertainty?
Observations for the Global Cyber Threat Intelligence Community
At Trellix the elite team of security researchers that make up our Advanced Research Center continually investigate the threat landscape to provide insightful and actionable real-time intelligence.
What they are observing is concerning. In Q4 2022 Trellix Advanced Research Center observed the most threat detections originating from groups appearing to be backed by China, North Korea and Russia. Cyber as statecraft in the areas of espionage, warfare and disinformation is actively in use by all three in service of political, economic and territorial ambitions.
The war in Ukraine has also seen the emergence of new forms of cyberattacks. Hacktivism has the potential to increase in scale as people supporting both the Russian and Ukraine/Western regimes become savvier and more emboldened to deface sites, leak information and execute DDoS attacks. These individuals are emboldened by a lack of central leadership, along with their desire to attract media attention. They also undertake influence campaigns, leveraging social media to spread propaganda and misinformation to shape public opinion.
Other more traditional forms of cyberattacks continue. Socially engineered ploys to deceive and manipulate individuals into divulging confidential or personal information, such as phishing, remain prevalent. Organizations cannot and should not overlook the importance of employee education and email security solutions.
The war has also seen a merging of physical and cyber conflict as both sides combine the use of Wiper malware along with kinetic military activity. Wipers are not new, but they’ve never been observed on this scale.
But what has emerged most clearly is the enhanced Public-Private Partnerships in action to help Ukraine. In 2022, Trellix, Microsoft, Cisco and Google were all actively sharing threat intelligence information with Ukraine and NATO governments, with the EU rapid response team lending support to that provided by the U.S., which has been removing malware worldwide, disrupting botnets and pre-empting cyberattacks throughout the conflict.
These partnerships have also meant enterprise and government customers have been better prepared for emerging threats, as the security industry shared data, pre-alerted organizations and briefed customers to prevent fallout from future attacks.
International Collaboration to Outpace Adversaries
One lesson we can draw from the conflict is that to address the nation-state threats to western democracies, we must outthink the adversary, something that requires constant collaborative efforts from public and private actors.
Outthinking them also means outinnovating them. Today there is much focus on government and industry retaining and protecting sensitive personal data from foreign law enforcement authorities – such as the U.S. Cloud Act – by storing their data locally, in their country of operation and residence.
Whilst we do not support laws, or standardization efforts, mandating European data localization for storage and processing, Trellix’s Global Threat Intelligence offerings can meet the growing desire for on-premise solutions without sacrificing security.
Indeed, in these uncertain times, it is essential that customers have the choice to shift away from legacy threat intelligence architecture and solutions such that they can bolster their security perimeter whilst maintaining their data privacy needs.
Above all, in today’s environment, you need a trusted cybersecurity partner: a practitioner with the capability to gather data proactively, and one with a platform that can assimilate multiple threat feeds into a constantly evolving defensive posture in real time.
Global Threat Intelligence to Build Resilience
The Trellix Advanced Research Center’s Threat Intelligence Group is just such a partner, detecting trends ahead of the market and advising customers, all while coordinating with government and industry partners to provide visibility into the evolving threat landscape. Our mantra is that organisations must operate with a ‘shields up’ approach, which goes far beyond endpoint detection, so that organisations build defences for resilience and ensure they have the capability to detect anomalous behaviour, even from legitimate tools.
Our threat intelligence capabilities are driven by a team of sought-after experts, supporting classified investigations, speaking at industry events, and educating influencers across media, academia, analysts and the public sector, who have worked to inform government security agencies and entities across the Five Eyes and other nations over a number of years.
Their work empowers Trellix customers, industry partners and global law enforcement with mission-critical insights and research on the threat landscape, from APT groups and nation-state actors to cybercriminal organisations and their behaviours, all leveraging global data feeds from deployed sensors across key threat vectors to stay ahead of the adversary. And this stream of intelligence and insights is continually fed back into product R&D as we continue to update and innovate the roadmap for our XDR ecosystem.
As the geopolitical and economic outlook remains complicated, with a greater level of uncertainty than normal, many organizations may want to re-consider their spending priorities. But failing to prioritise investment in cybersecurity intelligence and analysis would be a false economy in an environment of fast-evolving threats and strategies, and a desire by some nation states to destabilise and attack our critical infrastructures whilst sowing the seeds of disinformation.