On 19 July 2021, the Australian Government joined international partners in expressing serious concerns about malicious cyber activities by China’s Ministry of State Security.
The coordinated statement effectively attributed responsibility for the large Microsoft Exchange breach in March 2021 to the Chinese Government. In an unprecedented move, Australia, joined with the United States, Japan, the United Kingdom, Canada, New Zealand, the European Union, and NATO, in issuing the statement.
Whilst much has been written about the impact of the Microsoft breach on information security, one aspect that deserves greater attention is the extent to which state-sponsored attacks are dovetailing with financially-motivated criminal activities. In the aftermath of the Microsoft Exchange attack, we need to stop viewing malicious cyber behaviour by nation-states as distinct from purely financial cyber-crimes, such as Business Email Compromise attacks. What’s now clear, is that these two types of cyber-activities are becoming inextricably linked.
For any CFO looking to mitigate their organisation’s risk of financial loss through cyber-crime, the malicious behaviour of nation-states needs to be on your radar. You can no longer afford to regard news of state-sponsored cyber-attacks as only having relevance for your organisation’s CISO or CTO. The malicious behaviour of nation-states is absolutely relevant for the CFO because it may portend an uptick in attempted financial crimes against your organisation.
It is no overstatement to say that we are now witnessing the manifestation of a new type of sovereign risk. The threat posed by this heightened risk requires CFOs to look for new ways to strengthen their organisation’s resilience against potential fraud. Perhaps the most effective way to achieve this is by breaking down the internal silos that still exist in many organisations.
Any entity that is financially exposed to the decisions or actions of a foreign state is carrying some element of sovereign risk. Typically, the type of sovereign risk that generates the most attention relates to decisions governments may take around repaying foreign debt. Defaulting on foreign debts is an indication of an unstable political system and potential economic crisis.
Sovereign risk may also exist in instances where a government nationalises private entities, resulting in investors losing their assets. Again, this is an indication of an unstable political system that cannot be trusted to act in accordance with accepted norms that are necessary for facilitating cross-border investments and trade.
In most cases, government policy decisions, such as the imposition of new regulations or changes to taxation arrangements, are not considered to be sovereign risks.
Should the alignment of nation-states and criminals in carrying out cyber-attacks be considered a new type of sovereign risk?
It is becoming clear that organisations around the world now face a new type of threat. This threat sees foreign nation-states either relying on, or hiding behind, criminal gangs that breach ICT systems.
Financially-motivated criminals are being tacitly backed by various governments to target foreign organisations. This may involve breaching an organisation’s systems to install backdoors that allow persistent entry. Not only are the criminals able to carry out crimes such as data theft, ransom attacks or Business Email Compromise attacks, but it also opens the door for a nation-state to engage in espionage.
Sometimes the nation-state may take the lead in penetrating a target organisation, which then paves the way for the criminals to come in and profit afterwards.
Either way, the involvement of criminal gangs allows a government to claim plausible deniability and makes it much harder to attribute responsibility. This is particularly the case when the crimes are conducted using virtual private servers (VPS) in other jurisdictions.
This is why the joint statement from the Australian Government and its allies attributing responsibility to China’s Ministry of State Security for the Microsoft Exchange attack is significant. The Microsoft breach was spearheaded by an Advanced Persistent Threat (APT) group known as Hafnium that operates from China. Microsoft describes the group as a “highly skilled and sophisticated actor.”
While Hafnium is based in China, it conducts its operations primarily from leased servers in the United States.
According to the joint statement, there is serious concern about the intersection of the Chinese Government and cyber criminals:
“The Australian Government is also seriously concerned about reports from our international partners that China’s Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese Government.”
Whilst it can plausibly be argued that all governments engage in cyber-espionage, the type of attack that targeted Microsoft Exchange servers is different in that it brings together both nation-states and financially-motivated criminals in a joint enterprise. This type of alignment represents a deliberate affront to the norms of how nation-states should behave vis-à-vis private enterprises.
It goes beyond routine intelligence gathering by deliberately undermining the ability of businesses around the world to maintain business-as-usual operations.
In that sense, what we are seeing is more than typical espionage. It represents a new type of sovereign risk which can undermine the ability of businesses to function normally.
The potential for cyber-attacks needs to be on every CFOs radar.
Financially-motivated cyber-criminals use vulnerabilities in your organisation’s network and applications as the vehicle to carry out fraud attacks against you. When those criminals have the resources and backing of a powerful nation-state, the threat is that much greater.
Traditionally, organisations have maintained a siloed approach, where IT and cyber-security was under the purview of the CTO or CISO, whilst fraud was the concern of the CFO. Such a siloed approach is no longer tenable. To mitigate this new type of sovereign risk, much closer coordination and alignment between the IT/Security and Finance departments is absolutely essential.
According to Joshua Goldfarb, Director of Product Management at F5, cyber-security and fraud risks have essentially converged. In response, Goldfarb calls for organisations to adopt a single, unified approach to addressing threats and risks that brings together IT/Security and Finance teams. Among his key recommendations are:
As Goldfarb points out, technologies can play a critical role in securing your organisation against fraud resulting from cyber-attacks. eftsure is a platform that recognises that many criminals now engage in a range of malicious cyber activities, such as Business Email Compromise attacks, as a prelude to initiating a fraud. By giving your Accounts Payable department visibility in real-time over all outgoing EFT payments, eftsure helps you reduce the risk of experiencing financial losses stemming from malicious cyber-attacks.
Contact eftsure today for a demonstration of our unique fraudtech solution and how it can help prevent your organisation being defrauded as a result of this new breed of sovereign risk.
How can you minimise insider threats without compromising culture? Find out 5 ways to do exactly that.
Crypto scams refer to any fraudulent practice in the cryptocurrency space aimed at tricking individuals into investing or giving away assets or …
A very real cyber risk lies within your business. Find out what you need to be aware of and how you can minimise insider threat risks.
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.
