In a late August report, U.S. cybersecurity company Venafi indicated that 66 percent of organizations worldwide modified their cybersecurity strategy as a “direct response to the conflict between Russia and Ukraine.”
“Everyone is a target, and unlike a kinetic warfare attack, only you can defend your business against nation-state cyberattacks,” Kevin Bocek, vice president of Security Strategy and Threat Intelligence at Venafi, says in the report. All organizations must recognize that cybersecurity is one of the top three business risks for everyone, regardless of industry, he added.
The survey of more than 1,100 security decision makers globally found that nearly 64 percent of businesses believe they were either directly targeted or affected by a nation-state cyberattack. Another key finding of the study conducted in Australia, Benelux (Belgium, Netherlands, Luxembourg), France, Germany, the United Kingdom, and the United States indicated that 77 percent of organizations believe that “we are in a perpetual state of cyberwar.”
As such, several countries have strengthened their cybersecurity systems in hospitals, energy networks, railroads, data centers, public administrations, and drug manufacturing, the CEREM Business School in Spain says in a blog.
On September 30, Mexican President Manuel López Obrador confirmed that the Defense Ministry had been the victim of a cyberattack, Mexican newspaper El Financiero reported. International hacker group Guacamaya was believed to be responsible for the attack. “They themselves claim that they have done something similar in Guatemala, Colombia, Chile, and El Salvador,” López Obrador said.
“Hackers use the [Latin American] region to train their resources before sending a destructive attack against a much more mature infrastructure,” Esteban Jiménez, chief technology officer of Costa Rican cybersecurity firm Atticyber, told Diálogo on September 29. “Latin America is a playroom for cyberattackers; international hackers are breaking into the computer systems of institutions and companies as part of their training process in order to include them in more complex operations further north,” he said.
According to Chilean news site Crónica Digital, on September 25, the Guacamaya group exposed some 10 terabytes of emails from different military and police agencies from five Latin American countries.
“In Latin America we have chaos because complex attack tools are mixed with systems that are in the development phase, which often have much more destructive consequences than the final weapon,” Jiménez said. “Latin American countries must understand and change from a reactive approach to a completely proactive approach. Understanding that […] we are going to be attacked at any moment.”
According to Venafi’s report, hackers are increasingly using machine identities, which establish trust during all kinds of digital transactions, for their cyberattacks.
Russia’s SolarWinds and HermeticWiper attacks, which breached numerous Ukrainian entities just days before the Russian invasion, are examples of machine identity abuse by state actors, the report indicated.
China and Russia
China and Russia have been responsible for many of the threats governments and businesses have faced this year. So far in 2022, the Kremlin and Beijing instigated more than 50 cyberattacks, U.S. digital security firm Atlas VPN indicated in an August report, based on information from the Cyber Operations Tracker of U.S. think tank Council on Foreign Relations.
Kremlin-backed hackers carried out 27 attacks, mainly against Ukraine and its public institutions, Atlas VPN said. China sponsored 24 cyberattacks in the same period. Its hackers targeted the governments and companies of the United States, India, and Taiwan.
North Korean-backed hackers have also engaged in cyberattacks, Atlas VPN added. The North Korean cybercriminal group Lazarus was responsible for most of these attacks. Its main targets were the United States and South Korea.
“Russia invests directly, creates cells and attack groups, manages them at the highest level, allows them to have structure, and then groups work independently,” Jiménez said. “China is a multiplier of attack infrastructure that Russian and other groups use.”
In addition, Chinese Advanced Persistent Threat (APT) groups conduct cyber espionage to promote China’s international intelligence, while North Korean cells funnel the proceeds of cybercrime directly to their country’s weapons programs, Venafi reported.
According to Latin American cybersecurity experts, if the Ukraine war and the Taiwan crisis continue to escalate, the Panama Canal, which is essential to global trade, could be at “grave risk,” Jiménez said.
“If they [hackers] were to block the Panama Canal systems or if they were somehow hijacked, it would impede passage between the Pacific and the Atlantic. This is one of the items that should be kept under greater surveillance in all of the Americas,” Jiménez concluded.