Unit 42 highlights threat intelligence importance as Russia, Ukraine ransomware attacks fly under the radar

As threat actors continue to become more sophisticated, staying ahead of the curve is a game-changer.

Threat intelligence is now more important than ever, because a perfect storm is brewing based on ransomware attacks between Russia and Ukraine, with nation-state actors undertaking significant cyber espionage work undetected, according to Wendi Whitmore (pictured), senior vice president for Unit 42 at Palo Alto Networks Inc.

“When it comes to just general espionage techniques, data exfiltration, intellectual property theft, those are going on now more than ever,” she said. “We’re under the landscape of a major war going on between Russia and Ukraine of ransomware attacks. That’s one of the key reasons why having threat intelligence is so important. It’s become even more important now, because these groups switch teams more frequently than NFL trades.”

Whitmore spoke with theCUBE industry analysts Lisa Martin and Dave Vellante at Ignite ’22, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how threat actors keep on innovating and the importance of threat intelligence in mitigation purposes. (* Disclosure below.)

Extortion is going through the roof

Bad actors have mastered the art of extortion through new means, such as customer service, because decryption has become painstaking and time-consuming, according to Whitmore, who said that this has seen a surge of victims on leak sites.

“We have a stat in our ransomware threat report that talks about how often victims are posted on leak sites, and I think it’s once every seven minutes,” she said. “So what they’ve really looked to do now is extortion, where they simply steal the data and then threaten to post it on these leak sites. That’s really a blending of these techniques of traditional cyber espionage with intellectual property theft. One of the other areas that they pride themselves on is customer service.”

Nation-state actors’ landscape has changed because they go beyond targeting government agencies and research institutions because enterprises are on their radar, Whitmore pointed out. This has emerged based on the convergence notion.

“One of the interesting things that I think is occurring is this idea of convergence,” she stated. “Traditionally, if we looked at a nation-state actor, like China or Russia, they were very specific about the types of victims. Now what we’re seeing actually is those same attackers going towards a much larger supply chain. SolarWinds is a great example of that, the Hafnium attacks towards Microsoft Exchange Server last year.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of Ignite ’22:

(* Disclosure: TheCUBE is a paid media partner for Ignite ’22. Neither Palo Alto Networks Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE