Tim Cook sent an email to Apple employees Tuesday evening about an all-hands meeting that leaked to The Verge last week. He said the company is doing “everything in our power to identify those who leaked” and noted that “people who leak confidential information do not belong” at Apple.
Last month, a former lead scientist of glass manufacturer Corning was indicted for stealing trade secrets relating to a DARPA collaboration. While Corning may be able to successfully pursue legal compensation, by the time that rogue employee had exfiltrated critical business data and shared it with international competitors, the damage had already been done. Exacerbated by the vast amount of data the average manufacturer is tasked with managing, the threat of insider theft today is more relevant than ever. The past year has already seen the manufacturing industry face an unprecedented wave of cybercrime, with one threat report finding that cyberattacks on the industrial sector have spiked 91% in the past year. This unfortunate trend is not likely to reverse any time soon. Another report from Deloitte finds that nearly 50% of manufacturing executives lack confidence that their firms are protected.
The issue is especially worrisome for financial services firms. According to S&P Global Market Intelligence, current market conditions have created “significant” challenges for banks that, in turn, put them at greater risk of insider threats. Banks also have more to lose from these threats. “While these challenges are present in any institution, insider threats pose a greater risk for banks,” says Gaurav Deep Singh Johar, member of the Emerging Trends Working Group for the IT trade association ISACA. “There is a big reputational impact, thanks in part to increasing regulatory oversight.”
On Sunday, video surveillance giant Hikvision posted a security advisory on its website warning customers of a cyber vulnerability that could impact millions of cameras and network video recorders (NVRs) deployed globally.
The “command injection vulnerability” could allow threat actors to gain complete control of compromised devices. It was discovered by cybersecurity researcher Watchful IP in June and first reported on Monday by IPVM.
In the warning, posted on September 22, the agencies observed the increased use of Conti in more than 400 attacks against organizations in the United States and internationally.
The alert said that Conti actors often get network access via spearphishing campaigns, stolen or weak remote desktop protocol (RDP) credentials, phone calls, fake software promoted via search engine optimization, common vulnerabilities in external assets and other malware distribution networks.
The cyber threat landscape is as diverse as it is sophisticated. Staying abreast of these threats, understanding actors’ motivations and knowing their tactics, techniques and procedures (TTPs) is paramount.
While most media reports focus on threats from nation-states such as Russia, China and North Korea, a broader global set of countries is involved in campaigns that seek to gain access to valuable intelligence or are designed to influence, disrupt and compromise the political or economic stability of other nations. Here is an overview of six of the most important nation-state groups and examples of recent operations that underscore their objectives, typical targets and initial access tactics.