Decoding Cyber Warfare

CEO and co-founder @acsense

Muli Motola

Navigating the Waves of Digital Threats and Why Your Cyber Resilience Must Evolve

“USA-247, also known as NRO Launch 39 or NROL-39, is an American reconnaissance satellite, operated by the National Reconnaissance Office and launched in December 2013. The USA-247 launch received a relatively high level of press coverage due to the mission’s choice of logo, which depicts an octopus sitting astride the globe with the motto “Nothing Is Beyond Our Reach”. The logo was extensively criticized in light of the surveillance disclosures in July 2013.” – Wikipedia

Introduction:

Welcome to our exploration of the dynamic realm of cyber warfare through the lens of recent Identity and Access Management breaches. In this post, we delve into the increasing violence of digital threats and the imperative for organizations to evolve their cyber resilience strategies.

Decoding Cyber Threats in the Modern Landscape

Cyber Resilience: Adapting to the New Normal


Cyber Resilience is no longer just a virtual game.


Threat actors are taking bolder steps to compromise organizations. A recent article from Microsoft revealed how criminals are dangerously close to physically threatening the lives of system admins.

Unmasking Threat Actors: The Violent Waves of Digital Warfare

Scattered Spider’s native English speakers are effective in launching social engineering campaigns.

Microsoft’s post included screenshots of text messages sent to a victim of the gang, threatening to dispatch a shooter to their home if they did not provide their login credentials. 

The Unseen Impact on Bystanders: Why Cyber Resilience Must Evolve

The marketing strategy for a security startup involves identifying the Ideal Customer Profile (ICP) and gathering additional information about them, such as where they get their knowledge and where they socialize. That data is then used to establish contact and, ultimately, to demonstrate the value of the security company and its products so that deals can be closed.

This parallels what the threat intelligence team said about the breach: 

“The threat actor performs research on the organization and identifies targets to effectively impersonate victims, mimicking idiolect on phone calls and understanding personal identifiable information to trick technical administrators into performing password resets and resetting multifactor authentication (MFA) methods…”

“…These actors use personal information, such as home addresses and family names, along with physical threats to coerce victims into sharing credentials for corporate access.”

Digital Threats and Real-World Consequences

The Convergence of Virtual and Physical Threats

In “The Octopus: A California Story” by Frank Norris, the Octopus symbolizes the powerful and oppressive influence of the railroad monopoly. It represents how the railroad company extends its tentacles to control and manipulate various aspects of life in Southern California, including the economy, politics, and the lives of the ranchers.

The novel explores the impact of such monopolies on individuals and communities, highlighting the social and economic injustices perpetrated by these powerful entities.

Scattered Spider’s Tactics: A Different Angle

The cybercriminal group Scattered Spider is known for targeting large companies to steal data for extortion.

This group also goes by the alias OktaPus, in a possible nod to Frank Norris’ story. There is speculation that Scattered Spider might adhere to an ideology aimed at challenging corporate monopolies. This assumed ideology involves diverting funds from large companies and redistributing them to the underprivileged through the cyber war.

Ideology and Cyber Warfare: Insights from History

In many cases, violence is not solely driven by one factor; there is often an intersection of ideology and financial motives.

For example, the Revolutionary Armed Forces of Colombia (FARC) is a terrorist group with Marxist ideology aiming to overthrow the government of Colombia. This organization uses such financial strategies as extortion and ransom to fund their activities. 

Consequently, it is anticipated that attacks driven by ideology may escalate to more extreme acts. Within the realm of cyber warfare, corporate employees may unknowingly become pawns in a larger game. This leaves employees to navigate a landscape where the manipulation at play is not fully comprehended. 

As stated by Paul Martini, CEO of iboss: “While protecting identity is a critical fight in the modern cyber landscape, the reality is that identity products alone would not have prevented this attack.” 

Cybercrime has evolved from being a weapon used between countries during the Cold War to armaments used by ideological adversaries. These adversaries bring sophisticated tools, processes, and skills ranging from the national to the commercial level.

However, corporations are not inherently equipped for such a cyber war.

Strategies for Cyber Resilience and Beyond

The “Cloud Shared Responsibility Model”, under which the security of certain aspects of the cloud is delegated to the customer, emphasizes the need for companies to actively manage and secure their cloud settings and configurations. At a bare minimum, the following actions should be taken to address emerging threats:

Cloud Hygiene and Attack Surface Reduction

Proper cloud hygiene involves implementing best practices when setting up the cloud, such as access management, access controls, and continuous monitoring. This helps to reduce the attack surface by minimizing opportunities for unauthorized access.

Threat Detection and Response: The Key to Cyber Preparedness

In addition to prevention, companies must have effective incident response plans in place.

An effective plan includes the ability to both detect and respond to IAM incidents promptly. Being self-sufficient in restoring normal operations after an incident is critical for minimizing downtime and business disruption.
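One way to make that detection concrete for the IAM incident the Microsoft excerpt above describes (an administrator talked into resetting both a user's password and their MFA method): a small scan over identity-provider audit events that flags the two resets landing on one account within a short window, and notes whether a sign-in from an unrecognised device followed. This is an added example, not code from the original post or from acsense; the JSON log format, field names and event names are constructed assumptions rather than any vendor's real schema.

```python
# Added example, not from the original post. Log format, field and event
# names are constructed assumptions, not any identity provider's real schema.
from datetime import datetime, timedelta
import json

# Constructed sample audit log (not real data), one JSON event per line.
SAMPLE_LOG = """
{"ts":"2023-09-10T14:01:05Z","actor":"helpdesk.bob","event":"user.password.reset","target":"alice.admin"}
{"ts":"2023-09-10T14:03:40Z","actor":"helpdesk.bob","event":"user.mfa.factor.reset","target":"alice.admin"}
{"ts":"2023-09-10T14:05:12Z","actor":"alice.admin","event":"user.session.start","target":"alice.admin","device":"new"}
{"ts":"2023-09-10T16:20:00Z","actor":"helpdesk.bob","event":"user.password.reset","target":"carol"}
{"ts":"2023-09-11T09:00:00Z","actor":"helpdesk.bob","event":"user.mfa.factor.reset","target":"carol"}
"""

WINDOW = timedelta(minutes=30)  # maximum gap between the two resets to alert on

def parse_events(log: str) -> list:
    """Parse one JSON event per line and return them in time order."""
    events = []
    for line in log.strip().splitlines():
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def detect_reset_chains(events: list, window: timedelta = WINDOW) -> list:
    """Return one alert per account whose password and MFA factor were both
    reset within `window`, noting whether a new-device sign-in followed."""
    alerts = []
    for i, e in enumerate(events):
        if e["event"] != "user.mfa.factor.reset":
            continue
        # Look back for a password reset on the same account inside the window.
        resets = [p for p in events[:i]
                  if p["target"] == e["target"]
                  and p["event"] == "user.password.reset"
                  and e["ts"] - p["ts"] <= window]
        if not resets:
            continue
        # A new-device sign-in right after both resets is when the impersonator
        # actually gets in, so record it to prioritise triage.
        new_login = any(s["target"] == e["target"]
                        and s["event"] == "user.session.start"
                        and s.get("device") == "new"
                        and s["ts"] - e["ts"] <= window
                        for s in events[i + 1:])
        alerts.append({"target": e["target"], "reset_by": e["actor"],
                       "password_reset": resets[-1]["ts"], "mfa_reset": e["ts"],
                       "new_device_login": new_login})
    return alerts
```

On the constructed log, only `alice.admin` is flagged: `carol` had both resets too, but hours apart, which is the normal help-desk rhythm the window is meant to exclude.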


Cyber Insurance and Business Continuity: Investing in Your Future

Companies that demonstrate strong cybersecurity practices, including effective IAM, may be viewed more favorably by cyber insurance providers. Implementing sound security measures can potentially lead to lower insurance premiums. 


Strategic Cybersecurity Practices: The Importance of Access Management Business Continuity Plans

While securing cloud access is crucial for preventing breaches, it is equally important to maintain an Access Management business continuity plan. This involves having the tools, skills, and strategies in place to quickly recover and resume normal operations in the event that access is compromised.



The Evolving Nature of Cyber Warfare

The Challenges of Attribution and Rules of Engagement

The realm of cyber warfare presents unique challenges and complexities, akin to traditional combat principles.

The landscape of cyber threats is dynamic, and as any combat officer knows, the defensive line will be breached. The attribution of cyber attacks, the potential for personal and collateral damage, and the difficulty in establishing rules of engagement all contribute to the simple conclusion that we need an offensive cyber strategy.

Challenges in adopting such a strategy do exist. In many Western countries, laws and international norms generally discourage or outright prohibit offensive cyber operations, especially when conducted by private entities.


In a recent LinkedIn post, Amit Yoran, Tenable CEO, wrote: “I joined other cybersecurity industry leaders calling on Congress to continue prioritizing funding for the Cybersecurity and Infrastructure Security Agency’s operations. The cybersecurity of the U.S. government, our critical infrastructures, and America are bipartisan causes we can all continue to stand behind.” Recent budget changes show dramatic shifts that affect these agencies’ ability to proactively react to cybercrime.


Additionally, the U.S. Secret Service plays a role in investigating financial and electronic crimes, and the Department of Homeland Security (DHS) has a significant cybersecurity mission. Within the DHS, the Cybersecurity and Infrastructure Security Agency (CISA) is particularly focused on protecting critical infrastructure from cyber threats and enhancing the overall cybersecurity posture of the nation.


A Call for Offensive Cyber Strategies

As technology becomes more integrated into our daily lives, and as businesses and individuals rely heavily on digital infrastructure, cyber threats will continue to evolve, and the stakes in cyber warfare will escalate. Cyber threats are no longer solely about digital privacy or financial losses; they can pose real risks to people’s lives and physical safety. This shift has led to a growing recognition of the need to address cybersecurity not only as a matter of national security but also as a critical component of public safety and individual well-being as the potential for direct harm to individuals grows.

However, it seems that the FBI, being the primary institution capable of retaliating against criminals, moves slowly. Consequently, individuals who were supposed to be behind bars were able to carry out the recent MGM and Caesars Entertainment attack.

This observation aligns with a recent statement from Michael Sentonas, President of CrowdStrike:

“For more than six months, the FBI has known the identities of at least a dozen members tied to the hacking group responsible for the devastating September break-ins at casino operators MGM Resorts International (MGM.N) and Caesars Entertainment (CZR.O).”


The Collective Effort: Cybersecurity in the Public Sphere

The private sector has also attempted to build a collective effort against cybercrime. 


However, this too has proven ineffective. IronNet, a company with a mission to “See and stop attacks faster with the IronNet Collective Defense platform,” aimed to help government agencies and corporations by providing technologies to defend against cyber threats. However, after going public in August 2021, IronNet struggled and eventually declared bankruptcy.

In Summary

Adopting a holistic approach is essential for companies aiming to mitigate cyber risks. 


An effective holistic approach should integrate effective cloud management practices, a resilient business continuity plan, and proactive cybersecurity measures. However, defense alone may not suffice. The fight against nation-state level adversaries is highly complicated and costly. A national, collaborative effort is imperative. Proactive measures against adversaries are crucial to eliminate their motivations for engaging in these malicious and violent activities. 


Without such concerted action, employees may hesitate to assume their role as the frontline defense, potentially leaving organizations vulnerable to cyber threats and hindering the collective response to these acts of digital aggression. 

—–

P.S.

Looking to stay in the loop on the latest IAM trends and updates?

Subscribe to the FiveNines IAM newsletter today and gain access to exclusive insights from industry leaders, groundbreaking companies, and global news outlets. Don’t miss out on the must-read monthly newsletter that delivers the juiciest edition yet of IAM resilience.

Subscribe on LinkedIn now and stay ahead of the curve!
