The largest risks to the cyber security world continue to develop and evolve. These risks primarily target the confidentiality or availability sections of the impact triad, meaning the data of individuals or an organization, or the availability of a service or application.
Due to the breadth of the cyber risk landscape, there are many risks that may threaten the United States. To report on these effectively, however, we have assessed the top three threats that have a significant impact on the United States. These include phishing attacks, ransomware, and cyber-espionage campaigns.
In the United States, over $57 million is lost to phishing attacks every year. Phishing is used to target both individuals and organizations for a multitude of reasons: adversaries can use phishing to gain access to credentials or financial information, to spread malware, or to gain access to private databases. Often these phishing campaigns have a wide range of success.
This is often due to the tailored nature of phishing attacks, with some of the most common compromises using billing issues as a ruse to target thousands of individuals at one time. Companies such as Netflix, Amazon and Apple have all had their brand and logos used in phishing attempts.
Phishing attacks on organizations can have many effects, including the loss of data, the release of ransomware and disruption to services. Previous operations that have targeted United States corporations include the basic phishing scams aimed at stealing personally identifiable information (PII) from Seagate Technology in 2016, which resulted in the theft of names, addresses and social security numbers belonging to all its former and current employees.
Other incidents include the theft of $2.4 million from a US bank targeted with the same attack twice in eight months during 2018. The incident began with a malicious Word document attached to a phishing email, and the same method was exploited in both compromises.
Methods of phishing attempts and how to spot or mitigate a phishing attempt can be found here in one of our other blog posts on the topic.
Ransomware is a goldmine for threat actors globally, but in the United States ransom payments have hit an all-time high. In late March 2021, a $40 million ransomware payment was reported to have been paid by the United States insurance company CNA Financial Corp.
Threat actors have also evolved, adopting more complex methods of infection, triple extortion and the release of multiple strains of ransomware into a victim’s system. All these developments have impacted the ransomware business and, in turn, the ransomware ransom payment business. According to research, the average payment for a ransomware incident increased from $761,106 in 2020 to $1.85 million in 2021, more than double.
However, ransomware threatens more than just the economic stability of the corporation affected; it can also impact the organization’s reputation and its clients through the theft of data. As an extortion technique, it is commonplace for offending threat actors to exfiltrate sensitive data from an organization before encrypting its files and data. This stolen data can then be sold on cybercriminal forums or released for free by those responsible if a ransom is not paid.
Sensitive information can include payment details, personal information, social security numbers, dates of birth and private documents, all of which could have a detrimental effect on both the corporation and its clients in a multitude of ways.
Cyber-espionage, often state-sponsored, is a method used to steal primarily intellectual proprietary information from organizations. Threat actors known to undertake such methods to gain information useful for their own government’s development are China, Russia, and North Korea.
APT28, a Russian state-sponsored threat actor, has used phishing methods to target diplomatic institutions, news organizations, energy companies and military contractors for their proprietary information.
Other cyber-espionage campaigns include the targeting of the Indian government by the Chinese state-sponsored threat actor APT41, with long-standing political disputes and strained geopolitical communications highlighted as Chinese motives. Overall, the primary motive for these adversaries to undertake such operations comes down to political gain, namely political intelligence collection. Any campaign that may enable a furthering of nation-state power or knowledge seems to be of interest to these invested parties.
These groups often use current affairs to theme their attacks; for example, the APT41 compromise against the Indian government used Covid-19-themed lures.
Other cyber threats to the United States include DDoS attacks, malware distribution, Internet of Things (IoT) attacks, other state-sponsored compromises and cryptomining. As the use of connected devices increases, so does the risk of these threats. However, there are a significant number of mitigations that can be put in place to potentially counter or at least reduce the risk of these threats to an individual or organization.
Overall, the quantity and type of threats do not differ greatly from those that affect other nation-states in other parts of the world. However, due to the United States’ global power and influence, it is likely to remain a primary target for cybercriminals and state-sponsored threats alike. Very little is likely to deter this other than increasing cyber risk awareness and introducing the necessary mitigations that each threat requires.