November 11, 2022, updated 01 Dec 2022 5:21pm

Businesses relying on ‘a bit of luck’ to thwart state-backed cyberattacks – Deutsche Bank security chief

Signs of attack are becoming so subtle that organisations have to get lucky to stop state-backed hacking gangs.

By Claudia Glover

Organisations are relying on luck rather than security skill when it comes to stopping a state-backed cyberattack, a Deutsche Bank security chief has said.

Companies should train employees to look out for the subtle signs of state-sponsored criminals, says Fischer. (Photo by Nataly Reinch/Shutterstock)

Carsten Fischer, Deutsche Bank’s deputy chief security officer, added that organisations are also finding it harder to draw on data from previous attacks to boost their defences as some state-backed hackers are using ransomware after an attack to obliterate any evidence they leave behind.

Catching a state-sponsored cyberattack: more luck than skill

The threat posed by nation-state-backed hackers is growing all the time, particularly in the wake of Russia’s war in Ukraine, which has seen criminal gangs based in Russia often acting in support of Vladimir Putin’s regime. Microsoft’s ‘Cyber Defence report’, released last week, details the growth of this activity. “Nation-state groups’ cyber targeting spanned the globe this past year,” it says, “with a particularly heavy focus on US and British enterprises. Organisations in Israel, the UAE, Canada, Germany, India, Switzerland, and Japan were also among some of the most frequently targeted, according to NSN (Nation State Notification) data.”

Nation-state backed cybercriminals are highly skilled at infiltrating networks noiselessly and moving through them undetected for as long as they need to. Tactics, techniques and procedures used by these hackers are increasingly sophisticated and are becoming more aggressive, according to the Microsoft report. “Nation-state actors are launching increasingly sophisticated cyberattacks designed to evade detection and further their strategic priorities,” it says. “As geopolitical relationships have broken down and hawkish elements have acquired more control in some nations, cyber actors have become more brazen and aggressive.”

Because of this, evidence of state-sponsored cybercriminals is incredibly hard to spot. When CISOs have managed, it has been more through luck than skill, Deutsche Bank’s Fischer told delegates at technology analysis company KuppingerCole’s Cyber Leadership Summit in Berlin this week. “Unfortunately, we need to talk about luck,” he said. “If you talk to CISOs who work with regular attacks from a nation-state and you ask them how they have detected them, you will figure out that it wasn’t the regular detection methods they were using. It was a bit of luck.”

The indicators of compromise are subtle and very often overlooked, he explained, meaning alerts aren’t automatically raised. This means swift action to stop a breach can hinge on human intervention, and often attacks are thwarted because “somebody saw something that looked a bit strange and they reacted to it,” Fischer said.

He believes this reality needs to be reflected in cybersecurity training. “You probably need to train your people to look for something that doesn’t really look malicious,” he suggested. In fact, training exercises should be planned with this issue in mind. “Having routines or writing exercises can develop threat hunting to look for something that doesn’t look malicious, which could be something really bad,” he added.

Nation-state backed hackers are covering their tracks with ransomware

These nation-state backed hackers are also becoming adept at covering their tracks, which makes it difficult to gather information about breaches and how future problems can be avoided, Fischer told the conference. “One of the biggest nation-state attackers has now started to use ransomware as a method to hide what they have done, so we will learn less about what they have done,” he said.

“In the past, we always learned from others who got hacked, figuring out what they did and how better to detect them. They’re now using ransomware to really wipe it out. That’s becoming more sophisticated and more difficult for us.”

However, Marc Hofmann, chief security officer at Finnish bank Nordea, said information from past attacks remains one of the best ways to tackle future problems. “Take all the intelligence you have,” he advised delegates at the conference. “All threat detection software we have can’t replace threat intelligence gathered by information sharing.”
