WithSecure - Experts & Thought Leaders

Latest WithSecure news & announcements

WithSecure™ warns of cyber threats to Paris 2024 Olympics

For a variety of malicious threat actors operating in and out of cyberspace, prominent events with large audiences, such as sporting events and elections, are prime targets for attack.

Cyberthreats to Paris

With the Paris Olympics approaching, WithSecure™ (formerly F-Secure Business) has issued an evaluation report, "Olympics – Cyber Threats to Paris 2024", to alert businesses, organisations, and the general public to the cyber threats facing the Paris 2024 Olympics.

This report categorises threat actors into Russian, Chinese, Iranian and North Korean state hackers, hacktivists, and cybercrime groups, and describes their attack intentions, capabilities and likely objectives.

Attacking opportunities

Attackers seek opportunities to exploit people's attention, such as the fraudulent sales of fake, cheap tickets or free tour notifications. They often target organisers and sponsors, hijack events or associated sites to send political messages, and hijack relay network equipment to gain a foothold for cyber attacks.

Cyber-attacks

There is no greater world stage than the Olympic Games. More than 500 million more people watched the 2022 Beijing Winter Olympics than the 2022 football World Cup, and a further billion people watched the 2020 Summer Olympics in Tokyo. Meanwhile, organisers of Tokyo 2020 also reported facing 450 million cyber-attacks - although this is a somewhat vague statistic, as it is hard to quantify a single unit of 'cyber-attack'.

Assessing threat levels

"We strongly believe that the Paris Olympics will face a greater threat of malicious cyber activity than previous Olympics," predicts Tim West, Director of Threat Intelligence and Outreach at WithSecure. "Hacktivists aligned with states that are pro-Russia will almost certainly try to disrupt the Olympics in some way. We assess that the level of threat these groups pose to the Olympics is moderate."

Impact of cyberattacks

As 2024's host nation, France is acutely aware of the prestige that comes with hosting the Olympics. Hackers also know that rampant cyber-attacks can diminish that prestige. As a result, the direct and indirect impact of successful attacks on individuals, companies, and organisations can be immeasurable.

Report evaluations

Below are some of the other evaluations pointed out by WithSecure in the report:

Network defenders involved in Paris 2024 are almost certainly well-equipped and prepared to mitigate Computer Network Exploitation (CNE) and Computer Network Attacks (CNA) operations.

WithSecure assesses with moderate confidence that some nation-state-sponsored intrusion sets (China, Iran, DPRK) may have objectives that can be achieved by capitalising on the topic of the Olympics; however, the threat posed by these to the Olympics itself is LOW.

Cyber security operation

"There are numerous threats to the Olympics, with varying levels of motivation and capabilities, and a successful cyber security operation will be a great challenge for the Olympic authorities," says West. "This being said, the defenders will also be well-equipped and will be able to take advantage of the lessons learned from past Olympics," he concludes with optimism.

WithSecure offers partners early access to its new intelligent exposure management

WithSecure™ is offering partners exclusive access to its intelligent exposure management technology, to give them a first look at its comprehensive new way of proactively preventing breaches.

Proactive prevention

Set to launch at WithSecure’s SPHERE24 event on 28–29 May 2024, the solution is the latest addition to WithSecure™ Elements Cloud, enabling mid-market companies to drive the paradigm shift from reactive to proactive cyber security.

This adoption of proactive prevention is driven by a rapidly expanding attack surface, the professionalisation of cybercrime, and the imperative to optimise resources.

Security weaknesses

“Technology advances are fuelling the business of cyber attacks. Today’s companies are faced with cyber criminals who can find security weaknesses far faster than humans can fix them,” says Mika Lindroos, Product Director, WithSecure Exposure Management. “Add in misconfigured clouds, decentralisation, and the complexity of supply chains as well as the ever-increasing number of managed and unmanaged devices, web apps, and SaaS services and it’s no wonder the number of breaches keeps rising.”

Security incident study findings

A recent European study found that more than one in five – 22% – of enterprises in the European Union had suffered a security incident that led to service downtime or data loss. Further, the share of incidents attributed to supply chain attacks skyrocketed from 1% in 2020 to 17% just a year later.

Elements Exposure Management

WithSecure™ Elements Exposure Management has been designed specifically for mid-market businesses and the security service partners serving them. It gives security operations teams 360° visibility across their entire digital estate, enabling them to constantly discover digital exposures and simulated attack paths before cyber criminals do.

Knowing that not all exposures are equal, the solution uses AI models to prioritise and recommend the best actions to remediate exposures effectively. If needed, security teams can also elevate complex remediation actions to expert teams at WithSecure™.

Programme offerings

WithSecure partners are invited to join the Exposure Management early access programme. Participating in the programme offers partners the opportunity to meet the growing demand for exposure management, stay ahead of the competition, and differentiate themselves in the increasingly competitive cybersecurity market. By aligning with the latest trends and best practices in threat exposure management, partners can enhance their value proposition and strengthen their position as trusted advisors to customers.

Enhancing cybersecurity

“The shift towards proactive threat exposure management represents a significant opportunity for partners to enhance their cyber security offering,” Lindroos adds. “Partners who join our early access programme will gain access to cutting-edge exposure management technologies and tools, training, and co-marketing opportunities,” he concludes.

Exposure Management will launch for partners and customers at SPHERE, WithSecure’s annual co-security unconference, on 28–29 May 2024, and in the second half of the year for mid-market companies.

WithSecure comments on Schneider Electric ransomware attack

Stephen Robinson, Senior Threat Intelligence Analyst at WithSecure, comments on the Schneider Electric ransomware attack, stating, "The attack on Schneider Electric follows a trend of cyberattacks against the energy sector."

He adds, "The energy sector is a popular target for ransomware due to playing a vital role in society's daily functioning – disruption can have far-reaching consequences. Schneider Electric themselves were victims of LockBit's MOVEit ransomware campaign in 2023, so it is concerning to see them compromised again so soon."

Leveraging data

Stephen Robinson continues, "Energy companies hold huge amounts of PII which not only has value on the dark web but is excellent leverage for cyber attackers when demanding a ransom."

He said, "In addition to this, it was Schneider Electric's Sustainability Business enterprise consulting arm that was compromised. Its customers include mega-companies such as Hilton, PepsiCo, and Walmart, and they likely hold sensitive data belonging to these companies."

Cactus ransomware brand

Stephen Robinson adds, "Schneider Electric is yet to confirm if the Cactus ransomware brand was responsible for the attack, and they have not as yet been listed on the group's leak site; however, Cactus has become increasingly active in recent months."

He continues, "They are a multipoint extortion group that first appeared in March 2023, and their TTPs follow the standard ransomware playbook, making use of well-known tooling and methods. During multiple of their initial attacks in 2023, Cactus gained access to victim networks via vulnerable VPN gateways, often Fortinet VPN instances."

Risk assessments

Stephen Robinson concludes, "The energy sector and other, similar Critical National Infrastructure (CNI) will continue to be a regular target for cyberattacks, especially with the current, heightened geopolitical tensions. In its Annual Review, the UK NCSC warned about the increasing threat towards CNI."

He further said, "Therefore, energy organisations must invest in regular risk assessments and advanced security measures to minimise their attack surface."
