STOCK TITAN

OpenText Cybersecurity's 2024 Threat Hunter Perspective Shows Collaboration Between Nation-States and Cybercrime Rings to Inflict More Damage

Rhea-AI Impact
(Neutral)
Rhea-AI Sentiment
(Negative)
Tags

OpenText has released its 2024 Threat Hunter Perspective, revealing a significant trend in the cybersecurity landscape: collaboration between nation-states and cybercrime rings targeting global supply chains. The report highlights that Russia is collaborating with malware-as-a-service gangs like Killnet and Lokibot, while China is working with groups such as Storm0558 and Volt Typhoon.

Key findings include:

  • Attackers are focusing on specific events, especially major holidays and the upcoming U.S. presidential election
  • Russian cyberattacks typically follow a Monday-Friday schedule
  • Chinese attacks often schedule data exfiltration for weekends
  • Nations with weaker cyber defense infrastructure are being compromised
  • Global supply chains are being targeted to indirectly impact primary targets

The report emphasizes the need for enterprises to be prepared for large-scale attacks, making threat intelligence and defense capabilities crucial.

OpenText ha rilasciato il suo 2024 Threat Hunter Perspective, rivelando una tendenza significativa nel panorama della cybersecurity: la collaborazione tra stati nazionali e bande di crimine informatico che prendono di mira le catene di approvvigionamento globali. Il rapporto evidenzia che la Russia sta collaborando con bande di malware-as-a-service come Killnet e Lokibot, mentre la Cina sta lavorando con gruppi come Storm0558 e Volt Typhoon.

I principali risultati includono:

  • Gli attaccanti si concentrano su eventi specifici, in particolare le festività e le prossime elezioni presidenziali americane
  • Gli attacchi informatici russi seguono tipicamente un programma dal lunedì al venerdì
  • Gli attacchi cinesi spesso pianificano l'esfiltrazione dei dati durante i fine settimana
  • Le nazioni con infrastrutture di difesa cibernetica più deboli stanno subendo compromissioni
  • Le catene di approvvigionamento globali vengono mirate per influenzare indirettamente gli obiettivi principali

Il rapporto sottolinea la necessità per le imprese di essere pronte ad attacchi su larga scala, rendendo l'intelligenza sulle minacce e le capacità di difesa cruciali.

OpenText ha presentado su Perspectiva del Cazador de Amenazas 2024, revelando una tendencia significativa en el panorama de la ciberseguridad: la colaboración entre estados-nación y grupos de cibercriminalidad que atacan las cadenas de suministro globales. El informe destaca que Rusia está colaborando con pandillas de malware como Killnet y Lokibot, mientras que China trabaja con grupos como Storm0558 y Volt Typhoon.

Los hallazgos clave incluyen:

  • Los atacantes se centran en eventos específicos, especialmente las grandes festividades y las próximas elecciones presidenciales de EE.UU.
  • Los ciberataques rusos suelen seguir un horario de lunes a viernes
  • Los ataques chinos a menudo programan la exfiltración de datos para los fines de semana
  • Las naciones con infraestructura de defensa cibernética más débil están siendo comprometidas
  • Las cadenas de suministro globales son blanco para impactar indirectamente a los objetivos principales

El informe enfatiza la necesidad de que las empresas estén preparadas para ataques a gran escala, convirtiendo la inteligencia sobre amenazas y las capacidades de defensa en elementos cruciales.

OpenText는 2024 위협 헌터 관점을 발표하며 사이버 보안 분야에서 중요한 추세를 밝혔습니다: 국가와 사이버 범죄 집단 간의 협력이 글로벌 공급망을 목표로 하고 있다는 것입니다. 보고서에 따르면 러시아는 Killnet 및 Lokibot와 같은 맬웨어 서비스 갱과 협력하고 있으며, 중국은 Storm0558 및 Volt Typhoon과 같은 그룹과 협력하고 있습니다.

주요 발견 사항은 다음과 같습니다:

  • 공격자들은 주요 휴일 및 다가오는 미국 대통령 선거와 같은 특정 이벤트에 집중하고 있습니다
  • 러시아의 사이버 공격은 일반적으로 월요일부터 금요일까지 이루어집니다
  • 중국의 공격은 종종 주말에 데이터 유출이 계획됩니다
  • 사이버 방어 인프라가 약한 국가들이 공격받고 있습니다
  • 글로벌 공급망이 주요 목표에 간접적으로 영향을 미치기 위해 겨냥되고 있습니다

보고서는 기업들이 대규모 공격에 대비할 필요성을 강조하며, 위협 정보와 방어 능력이 중요하다고 강조합니다.

OpenText a publié sa Perspectives des Chasseurs de Menaces 2024, révélant une tendance significative dans le paysage de la cybersécurité : la collaboration entre États-nations et groupes de cybercriminalité ciblant les chaînes d'approvisionnement mondiales. Le rapport souligne que la Russie collabore avec des gangs de malware-as-a-service comme Killnet et Lokibot, tandis que la Chine travaille avec des groupes tels que Storm0558 et Volt Typhoon.

Les résultats clés incluent :

  • Les attaquants se concentrent sur des événements spécifiques, en particulier les grandes fêtes et les prochaines élections présidentielles américaines
  • Les cyberattaques russes suivent généralement un emploi du temps du lundi au vendredi
  • Les attaques chinoises prévoient souvent l'exfiltration de données pour les week-ends
  • Les nations avec une infrastructure de défense cybernétique plus faible sont compromises
  • Les chaînes d'approvisionnement mondiales sont ciblées pour impacter indirectement les cibles principales

Le rapport souligne la nécessité pour les entreprises de se préparer à des attaques à grande échelle, rendant l'intelligence sur les menaces et les capacités de défense cruciales.

OpenText hat seine 2024 Threat Hunter Perspektive veröffentlicht, die einen signifikanten Trend in der Cybersecurity-Landschaft aufzeigt: die Zusammenarbeit zwischen Nationen und Cybercrime-Ringen, die globale Lieferketten ins Visier nehmen. Der Bericht hebt hervor, dass Russland mit Malware-as-a-Service-Gangs wie Killnet und Lokibot zusammenarbeitet, während China mit Gruppen wie Storm0558 und Volt Typhoon kooperiert.

Zu den wichtigsten Ergebnissen gehören:

  • Angreifer konzentrieren sich auf bestimmte Ereignisse, insbesondere große Feiertage und die bevorstehenden Präsidentschaftswahlen in den USA
  • Russische Cyberangriffe erfolgen typischerweise nach einem Montag-Freitag-Schema
  • Chinesische Angriffe planen oft die Datenexfiltration für das Wochenende
  • Nationen mit schwächerer Cyberabwehrinfrastruktur werden kompromittiert
  • Globale Lieferketten werden angegriffen, um indirekt primäre Ziele zu beeinträchtigen

Der Bericht betont die Notwendigkeit für Unternehmen, sich auf großangelegte Angriffe vorzubereiten, wodurch Bedrohungsinformationen und Abwehrfähigkeiten entscheidend sind.

Positive
  • OpenText released comprehensive threat intelligence findings
  • The report provides insights into nation-state and cybercrime collaboration patterns
  • Detailed information on attack schedules and tactics enhances preparedness
Negative
  • Increased collaboration between nation-states and cybercrime rings poses greater threats
  • Cybercrime costs projected to reach $9.5 trillion in 2024, increasing to $10.5 trillion by 2025
  • Global supply chains vulnerable to indirect attacks
  • Weak security fundamentals and lack of basic countermeasures increase vulnerability

Insights

The collaboration between nation-states and cybercrime rings marks a significant escalation in the threat landscape. This synergy amplifies the potential for devastating attacks, particularly on global supply chains. The projected increase in cybercrime costs to $10.5 trillion by 2025 underscores the critical nature of this threat.

Key points of concern include:

  • Targeted attacks coinciding with major events like the U.S. presidential election
  • Sophisticated evasion techniques bypassing traditional defenses
  • Exploitation of weak security fundamentals in various nations
  • Strategic timing of attacks, such as data exfiltration on weekends

For investors, this trend signals potential growth in the cybersecurity sector, particularly for companies offering advanced threat intelligence and defense capabilities. However, it also poses risks to businesses across all sectors, potentially impacting supply chains and overall market stability.

The report highlights a concerning trend of nation-state actors leveraging cybercrime rings to further geopolitical agendas. Russia's collaboration with malware-as-a-service gangs and China's partnerships with cybercrime groups to support its South China Sea agenda are particularly noteworthy.

This blending of state and criminal activities creates a more complex and unpredictable threat environment. It suggests that:

  • Geopolitical tensions are increasingly playing out in cyberspace
  • Critical infrastructure and global supply chains are prime targets
  • Developing nations with weaker cyber defenses are being exploited as attack vectors

Investors should be aware that geopolitical events and tensions could have more immediate and severe impacts on global markets through these sophisticated cyber operations. Companies with strong cybersecurity measures and those providing cybersecurity solutions may see increased valuation, while vulnerable sectors could face heightened risks.

Adversaries are taking advantage of weak security fundamentals and a lack of countermeasures to carry out cyberattacks

WATERLOO, ON, Sept. 27, 2024 /PRNewswire/ -- OpenText™ (NASDAQ: OTEX), (TSX: OTEX) today released the results of its 2024 Threat Hunter Perspective. The report found that the collaboration and coordination taking place between nation-states and cybercrime rings to target global supply chains and further geopolitical motives has become a signature trend in the threat landscape.

For CISOs, the question isn't whether attacks will happen, but what form they'll take and how enterprises can prepare. According to Cybersecurity Ventures, the cost of cybercrime is projected to reach $9.5 trillion in 2024 and is expected to increase to $10.5 trillion by 2025. To understand the current threat landscape, CISOs need to know not just the types of threats but also who is behind them, when they might occur, why they're happening, and how they're executed. Connecting these dots helps threat hunters gain a clearer picture of the risks organizations face, enabling more effective preparation and response.

"Our threat intelligence and experienced threat hunting team have found that nation-states are not slowing down and, as notable events like the U.S. presidential election get closer, every organization in the global supply chain needs to be on high alert for advanced and multiple cyberattacks," said Muhi Majzoub, executive vice president and chief product officer, OpenText. "Based on the report's findings, enterprises need to be prepared for large-scale attacks, making adversarial signals, threat intelligence and defense capabilities more important than ever." 

Highlights from this year's report, which explores comprehensive findings from OpenText threat intelligence and hunters on the front lines of cybersecurity, include:

  • Organized crime rings are supporting attacks by nation-states—possibly through direct collaboration or coordination—by attacking the same targets at the same time.
    • Russia has been seen to collaborate with malware-as-a-service gangs including Killnet, Lokibot, Ponyloader and Amadey.
    • China has entered into similar relationships with the Storm0558, Red Relay, and Volt Typhoon cybercrime rings, typically to support its geopolitical agenda in the South China Sea.
    • The top threats include Killnet (DDoS attacks), Lokibot (info-stealing malware) and Cobalt Strike (penetration testing tool used by APT groups)
  • Attackers are keyed in on specific events, especially major holidays, military aid to Ukraine, turning the upcoming U.S. presidential election into a time of imminent peril. Nation-states also target specific days of the week for cyberattacks:
    • Russian cyberattack activity typically follows a Monday through Friday schedule with spikes within 48 hours of an adversarial announcement.
    • Chinese attacks don't follow a set schedule, though any data exfiltration is typically slated for Friday afternoons or Saturdays, when it's more likely to be missed, with the data broken into smaller chunks to further reduce suspicion.
  • Evasion, misdirection and masquerading are helping adversaries get around defenses designed for direct attacks. Many attacks are taking advantage of weak security fundamentals, with victims increasing their vulnerability by not taking basic countermeasures.
    • Nations with weaker cyber defense infrastructure, like the Democratic Republic of Congo, Argentina, Iran, Nigeria, Sudan, Venezuela and Zimbabwe, have all been compromised, broadening the range of potential sources for a large-scale attack.
    • Global supply chains offer another indirect means of inflicting damage where the attacker might target the operations of a port or transportation network to disrupt a military aid shipment to have an indirect but significant impact on the primary target.

Additional Resources:

  • To read the full report and methodology, click here.
  • For further insights into the report, read our blog post.

About OpenText Cybersecurity
OpenText Cybersecurity provides comprehensive security solutions for companies and partners of all sizes. From prevention, detection and response to recovery, investigation and compliance, our unified/end-to-end platform helps customers build cyber resilience via a holistic security portfolio. Powered by actionable insights from our real-time and contextual threat intelligence, OpenText Cybersecurity customers benefit from high efficacy products, a compliant experience and simplified security to help manage business risk.

About OpenText 
OpenText™ is the leading Information Management software and services company in the world.  We help organizations solve complex global problems with a comprehensive suite of Business Clouds, Business AI, and Business Technology.  For more information about OpenText (NASDAQ/TSX: OTEX), please visit us at www.opentext.com.

Connect with us:

OpenText CEO Mark Barrenechea's blog
Twitter | LinkedIn 

Certain statements in this press release may contain words considered forward-looking statements or information under applicable securities laws. These statements are based on OpenText's current expectations, estimates, forecasts and projections about the operating environment, economies, and markets in which the company operates. These statements are subject to important assumptions, risks and uncertainties that are difficult to predict, and the actual outcome may be materially different. OpenText's assumptions, although considered reasonable by the company at the date of this press release, may prove to be inaccurate and consequently its actual results could differ materially from the expectations set out herein. For additional information with respect to risks and other factors which could occur, see OpenText's Annual Report on Form 10-K, Quarterly Reports on Form 10-Q and other securities filings with the SEC and other securities regulators. Readers are cautioned not to place undue reliance upon any such forward-looking statements, which speak only as of the date made. Unless otherwise required by applicable securities laws, OpenText disclaims any intention or obligations to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise. Further, readers should note that we may announce information using our website, press releases, securities law filings, public conference calls, webcasts and the social media channels identified on the Investors section of our website (https://investors.opentext.com). Such social media channels may include the Company's or our CEO's blog, Twitter account or LinkedIn account. The information posted through such channels may be material. Accordingly, readers should monitor such channels in addition to our other forms of communication. 

Copyright © 2024 OpenText. All Rights Reserved. Trademarks owned by OpenText. One or more patents may cover this product(s). For more information, please visit https://www.opentext.com/patents.

OTEX-G

Cision View original content to download multimedia:https://www.prnewswire.com/news-releases/opentext-cybersecuritys-2024-threat-hunter-perspective-shows-collaboration-between-nation-states-and-cybercrime-rings-to-inflict-more-damage-302260809.html

SOURCE Open Text Corporation

FAQ

What is the main finding of OpenText's 2024 Threat Hunter Perspective report?

The main finding is the increased collaboration between nation-states and cybercrime rings to target global supply chains and further geopolitical motives.

Which cybercrime groups is Russia collaborating with according to the OpenText report?

According to the report, Russia is collaborating with malware-as-a-service gangs including Killnet, Lokibot, Ponyloader, and Amadey.

How are attackers exploiting global supply chains according to OpenText's report?

Attackers are targeting operations of ports or transportation networks to disrupt military aid shipments, indirectly impacting primary targets.

What is the projected cost of cybercrime in 2024 according to the OpenText report?

According to Cybersecurity Ventures, cited in the report, the cost of cybercrime is projected to reach $9.5 trillion in 2024.

How does the OpenText report suggest Chinese cyberattacks differ from Russian ones?

The report states that Chinese attacks don't follow a set schedule, but often schedule data exfiltration for weekends, while Russian attacks typically follow a Monday through Friday schedule.

Open Text Corp

NASDAQ:OTEX

OTEX Rankings

OTEX Latest News

OTEX Stock Data

7.33B
260.08M
2.1%
77.98%
1.87%
Software - Application
Services-computer Integrated Systems Design
Link
United States of America
ONTARIO CANADA