NATO countries are finding themselves at increased risk for cyberattacks from nations opposed to the international alliance, according to research from Mandiant.
The cybersecurity firm said global conflicts have caused state-sponsored attack teams to step up their efforts in areas such as espionage, disinformation, and large-scale sabotage.
“The Alliance faces a barrage of malicious cyber activity from all over the globe, carried out by emboldened state-sponsored actors, hacktivists, and criminals who are willing to cross lines and carry out activity that was previously considered unlikely or inconceivable,” wrote Mandiant researcher John Hultquist.
“In addition to military targets, NATO must consider the risks that hybrid threats like malicious cyber activity pose to hospitals, civil society, and other targets, which could impact resilience in a contingency.”
Ukraine looms large
The Google-owned security provider said that Russia’s invasion of Ukraine is a key driver behind the increase in attacks on NATO members.
In an effort to boost Russia’s military efforts and discourage NATO countries from backing Ukraine’s plan to join the alliance, Kremlin-backed groups have increasingly looked to break into Western networks to extract intel and cause havoc by disrupting activity and damaging systems.
Ukraine, however, is not the only reason for increased attacks on NATO members. The Mandiant team noted that China is also stepping up its espionage efforts and targeting Western nations in an effort to extract both intel and trade secrets.
“NATO is targeted by cyber espionage activity from actors around the world with varying capabilities,” Hultquist explained.
“Many still rely on technically simple but operationally effective methods, like social engineering. Others have evolved and elevated their tradecraft to levels that distinguish themselves as formidable adversaries for even the most experienced defenders.”
Criminals gonna crime
Not every attack, however, is the work of a nation-state. The researchers noted that attacks from criminal groups seeking monetary payouts are also on the rise. Ransomware attacks have been growing more severe, particularly in vital fields such as healthcare and government services.
“Healthcare institutions in the U.S. and Europe have been repeatedly targeted by both Russian-speaking criminals seeking financial gain and North Korean state actors aiming to fund their espionage activities,” said Hultquist.
“The ability of these actors to operate from jurisdictions with lax cyber crime enforcement or extradition agreements, coupled with the lucrative nature of ransomware attacks, suggests that this threat will continue to escalate in the near future.”