
Worldwide cybersecurity threat surface shows dangers of foreign actors

“The ransomware groups do it for money,” one expert tells IT Brew. “The hacktivists do it to cause panic.”

Francis Scialabba


Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

In a world of threats, danger is everywhere.

That’s the message from experts at this year’s RSA Conference, like John Fokker, head of threat intelligence and principal engineer at Trellix. Drawing on a career that included working in the Dutch police’s National High-Tech Crime Unit, Fokker monitors threats and danger from foreign adversaries.

“From all the signals that we collect, we disseminate it, and we try to understand how threat actors are leveraging attacks,” Fokker told IT Brew.

Detection time. Finding where foreign actors are probing and detecting blind spots often requires working with foreign detection teams, Fokker said. The global threat landscape is being driven, in part, by ideology—often related to kinetic conflict, as in the Middle East or Eastern Europe.

Ideological threats also worry Dawn Cappelli, director of the operational technology—cyber emergency readiness team at Dragos, because it’s harder to negotiate with people motivated by political activism.

“The ransomware groups do it for money,” Cappelli said. “The hacktivists do it to cause panic.”

Cappelli described a January 2024 hack of the water utility in Muleshoe, Texas, which caused a brief overflow and was one of three such attacks on small Texas municipalities, as an example of how these ideologically motivated groups probe for weaknesses. At least one of the attacks was linked to the Cyber Army of Russia Reborn, one of a number of Russia-affiliated criminal groups operating under the umbrella of the hacking group Sandworm.

Flush out. A weak link can emerge when the person in charge of cybersecurity is overstretched.

“Small water utilities, they typically have a person who’s the IT person, the security person, and they cut the grass one day a week,” Cappelli said. “And so they truly just don’t know how to secure their plants.”

Unfortunately, disinterest in OT security is pervasive—spreading even to the professional sphere. Cappelli said that at one of her talks at RSA, when she asked how many people had heard of the Cyber Army of Russia Reborn, only two hands out of 200 went up.

“Even the security professionals at RSA aren’t fully aware of the cyber threats in OT,” Cappelli said.

On May 21, Cappelli’s former employer, Rockwell Automation, in partnership with CISA, released guidance for OT device access to the internet.

Planning mode. Fokker, the Trellix executive, told IT Brew that because of the security environment, hostile governments are supporting or at least permitting the gangs that are focused on causing chaos to operate. State actor attacks tend to complement that action, he said, with an eye toward causing more damage.

“We do see from our main adversaries that their intelligence-gathering is mostly focused on disruption,” Fokker said.
