Nations have long been accused of preparing to fight the last war instead of the next, a lesson military strategists like General Douglas MacArthur famously warned about. But in the past, as in today’s hyper-connected world, the less glamorous yet essential logistical elements, such as the ability to safeguard supply chains, often determine success. The COVID-19 pandemic brought this reality into sharp focus, exposing the vulnerabilities of global supply chains. As it turns out, the smooth and secure flow of goods, services, and information is just as vital in a military campaign as in times of peace. In this increasingly digital age, logistics aren’t just about moving troops or materials; they are now about defending the invisible but critical infrastructure that keeps societies functioning. And, as OpenText’s 2024 Threat Hunter Perspective reveals, nation-states and cybercrime rings have begun targeting these systems, posing threats to global supply chains and geopolitical stability.
OpenText’s 2024 Threat Hunter Perspective highlights alarming trends in the cyber threat landscape based on insights from cybersecurity experts monitoring millions of endpoints. A central finding is the growing collaboration between nation-states and organized cybercrime rings, which now coordinate attacks to maximize impact, especially on critical supply chains and geopolitical targets. With the global cost of cybercrime expected to reach $9.5 trillion in 2024 and escalate to $10.5 trillion by 2025, enterprises and CISOs must brace for a wave of increasingly sophisticated threats.
Our takeaways are as follows; you can get the whole report here.
A New Era of Cyber Threats
One of the signature shifts in the modern threat landscape is the tight coordination between nation-states and cybercriminal organizations. These partnerships allow simultaneous attacks on the same targets, compounding the damage. Russia and China are leading this charge. Russia, for example, often collaborates with groups like Killnet, Lokibot, and Amadey to enhance the effectiveness of its cyber operations, while China leverages groups such as Storm-0558 and Red Relay to further its geopolitical aims, particularly in regions like the South China Sea.
“Nation-states are not slowing down, and with key global events like the U.S. presidential election approaching, organizations need to be on high alert,” said Muhi Majzoub, OpenText’s Executive Vice President and Chief Product Officer. “Our intelligence shows that adversaries are utilizing more sophisticated evasion techniques, and cyber defenses need to evolve just as quickly.”
For CISOs, the question has shifted from whether an attack will occur to when and how. Understanding who is behind these attacks, and what their motives are, is essential to developing a robust defense. Enterprises must prepare for a wide range of threats, from ransomware and data breaches to sophisticated nation-state campaigns targeting supply chains.
Supply Chains: The New Cyber Battleground
The report highlights how global supply chains are becoming a prime target for nation-state attackers. These attacks are designed to disrupt not just individual companies but entire systems. By attacking transportation networks, shipping ports, or even national rail systems, attackers can disrupt military aid deliveries or economic flows, causing significant downstream effects. One notable case cited in the report involves Russian cyberattacks aimed at disrupting Western supply routes supporting Ukraine, using a mix of ransomware and DDoS attacks to target logistics providers and infrastructure.
This convergence of physical and cyber warfare tactics echoes the lessons of military history, where logistics often prove decisive. Just as getting supplies to the frontlines was crucial in traditional military campaigns, securing digital supply chains is essential in the modern age. Yet, as the report underscores, this critical part of global security often goes underprotected.
Timing is Everything
Cyber attackers are increasingly adept at choosing the most vulnerable moments to strike. Adversaries frequently time their attacks around significant events, such as national elections, major holidays, or business milestones. According to the report, Russian attackers tend to follow a Monday-to-Friday schedule, with increased activity within 48 hours of any geopolitical announcement or shift. Meanwhile, China’s cyber operations are less predictable but often concentrate data exfiltration activities around weekends or major global events, further reducing the chance of detection.
For example, after Finland’s 2023 ratification of its NATO membership, a surge of Russian cyberattacks targeted the nation’s critical infrastructure, timed around national election dates and military exercises. These cyber campaigns aimed not only to disrupt daily life but to intimidate and undermine Finland’s role in the geopolitical arena.
The Top Threats of 2024
OpenText’s report identifies the top 15 cyber threats for 2024, with tools such as Killnet (used in DDoS attacks) and Cobalt Strike (a penetration testing tool frequently hijacked by malicious actors) ranking high on the list. Threats from malware-as-a-service gangs, including Lokibot and Amadey, are also rising. These actors leverage sophisticated technologies to conduct cyber espionage, disrupt operations, and steal sensitive data.
Another disturbing trend is the rise of disinformation and misinformation campaigns, often executed using advanced artificial intelligence (AI) technologies. The report highlights how AI-driven deepfake videos and misinformation campaigns can strain public trust and disrupt government services. In one instance, a state-sponsored disinformation campaign overwhelmed a government portal, manually uploading false data to interfere with public services, while cybercriminals used AI to conceal data exfiltration activities.
Predictions for Fall 2024 – U.S. Presidential Election
The report predicts that the 2024 U.S. presidential election will be a hotbed for cyber activity. Nation-states are expected to leverage the polarized political climate to launch misinformation campaigns, obstruct access to information, and undermine confidence in the electoral process. The cyber arms race is also expected to escalate, with nation-states hoarding zero-day vulnerabilities to unleash during periods of conflict or political unrest.
The report also warns of rising cyber threats from non-state actors, such as terrorist organizations, who are increasingly adopting sophisticated cyber tactics to attack critical infrastructure, including healthcare, energy, and transportation systems.
Defending Against Tomorrow’s Threats
In response to these growing threats, OpenText provides several key recommendations for CISOs and enterprises. One crucial lesson is the importance of getting back to basics: ensuring endpoint protection, deploying multi-factor authentication (MFA), and maintaining regular patch management. Additionally, organizations are encouraged to invest in advanced technologies, such as signal analysis and AI-driven threat detection, to stay ahead of sophisticated attackers.
“Organizations need to make the job of adversaries as difficult as possible,” said Grayson Milbourne, OpenText’s Security Intelligence Director. “Many breaches occur because of failures to follow simple security practices, like not using MFA or neglecting patch management.”
Collaboration across the cybersecurity community is also critical. By sharing intelligence and best practices, organizations and governments can mount a stronger defense against the growing threat of nation-state and cybercrime ring collaborations.