Blog — Aug 08, 2022

The Impending Business Risk of Nation-State Adversaries

4 minutes read
2022 has been a particularly challenging year for security leaders and practitioners alike. Although cyber threats like ransomware and zero-day attacks have always been present, the ongoing conflict between Russia and Ukraine has shone a spotlight on the impact that nation-state-sponsored attackers can have on our critical infrastructure.

No matter how small or large your organization is, nation-state hackers pose a very real threat. What’s more, many of these groups understand that there is incredible value in targeting smaller, local organizations, especially those within critical infrastructure, which are often less defended than the large enterprises they connect to. As these highly targeted cyberattacks continue to happen, we, as an industry, must ask ourselves: “How prepared is my organization really?”

Recently, I had the unique experience of visiting the White House courtesy of eSentire’s CEO, Kerry Bailey. We were invited to discuss our commitment to fight this emerging wave of cybercrime with Amit Mital, the Special Assistant to the President & Senior Director of Cybersecurity. This opportunity was particularly special for me considering my own professional experience with the Canadian Federal government and the fact that Amit Mital was a Board Member for eSentire prior to his role at the White House.

The visit itself was nothing short of incredible, but more importantly, it allowed me to put some real thought to where the cybersecurity industry is heading, and what security leaders need to get right to protect their organizations.

Security leaders must be able to demonstrate financial consequences of a cyberattack

As an industry, we must collaborate closely with the federal government to adequately deal with the cyber threats and risks posed by state-sponsored cybercriminals. Ransomware groups are continuing to target organizations in North America, and that means organizations are going to need to make sizeable investments in dedicated cybersecurity teams and arm them with the right tools and threat detection capabilities, rather than relying on IT teams doing cybersecurity on the side.

We are more than capable of conducting the blue teaming necessary to protect organizations (assuming budget availability) and of articulating the business risk in a way that demonstrates the potential financial impact to the organization.

CISOs who can demonstrate the financial consequences of a cyberattack and business downtime to their executive teams are more than likely going to get the budget required to prevent business disruption and protect their customers’ sensitive data.

Digital Forensics and Incident Response plays a critical role in determining ‘true attribution’

Cyberattacks launched by state-sponsored actors pose a significant challenge for the government because these attacks can be viewed as acts of war. However, many business leaders, who are beholden to their shareholders, don’t share the same perspective. They will always prioritize business continuity over determining the who, what, why, and how of any cyberattack. As a result, CISOs are caught in the middle: their priority is eliminating the threat and getting their network and systems back online so that business operations can resume as quickly as possible. The geostrategic consequences are not in the CISO’s purview.

The challenge here is determining ‘true attribution’ and collecting the Digital Forensics and Incident Response data needed to support it. In Threat Intelligence, we are often asked to provide an analysis of the threat actor(s) responsible for an attack. But this is challenging given the ability of one threat actor group to pose as another.

A great example is the 2018 Pyeongchang Olympics: initial assessments indicated that North Korean operators were responsible for the cyberattack that crippled the Olympics IT infrastructure, in part because the malware contained deliberately planted artifacts pointing at North Korean actors. However, it was later determined that the likely culprit was ‘Sandworm Team’, a Russian Advanced Persistent Threat (APT).

There are three criteria we can use to gain true attribution for any cyberattack:

Intrusion Analysis

Leak

Adversary Admission

The highest form of attribution is generally understood as Adversary Admission, and we typically want at least two of the above criteria before being almost certain in our attribution (e.g., Intrusion Analysis + Leak OR Leak + Adversary Admission).

The information collected during a Digital Forensics engagement is what supports Intrusion Analysis, but unfortunately, security leaders who are only concerned about business continuity typically remain unconcerned with these additional details. Once compromised systems are wiped and rebuilt without preserving that evidence, the opportunity to establish attribution is gone.

Final thoughts

Unfortunately, nation-state adversaries have used, and will continue to use, our data against us: to manipulate our perceptions of reality, to degrade or deny our critical infrastructure, and to steal our intellectual property so their organizations can prosper. Remember: the adversaries disrupting our society are no longer kids in their parents’ basement trying to figure out how to access servers and manipulate websites merely out of curiosity.

I think all organizations are going to be challenged in the near term as we continue to shore up our defenses against state-sponsored threats. The most successful organizations will be those that have CISOs who are able to explain the financial risk associated with the potential damages of a cyberattack.

I do personally believe that the Canadian and U.S. federal governments are doing their part to create a more cyber-resilient society. However, there should be more transparency and collaboration from the respective federal governments with respect to attribution and the implications of these cyberattacks against our society.

To learn how eSentire can help put your business ahead of disruption and build a robust security operation, book a meeting with one of our cybersecurity specialists now.

Ryan Westman, Sr. Manager, Threat Intelligence

As Sr. Manager, Threat Intelligence, Ryan is responsible for demystifying the threat landscape for eSentire's Threat Response Unit. His goal is to detect and respond to threats before they become risks to eSentire's client base.

Prior to eSentire, Ryan spent three years in Big 4 Consulting, helping build, develop, and establish a Threat Intelligence & Analytics team. Prior to Big 4 Consulting, Ryan was a member of Canada's Federal Public Service for over 5 years, employed by Public Safety Canada in Policy, and in the Canadian Armed Forces working in a variety of roles including Influence Activities and Civil Military Cooperation.

Ryan holds a BA in Political Science & History from Wilfrid Laurier University, an MSc in Counter-Terrorism from the University of Central Lancashire, a Master's degree from the University of Waterloo, and is a GIAC Certified Cyber Threat Intelligence Analyst.