Cybersecurity experts across the world reported a 5% rise in nation-state and targeted counterparty hacking concerns in December, according to an index issued by a research team from the NYU Center for Cybersecurity (CCS) at the New York University Tandon School of Engineering. This rise appears to correlate closely with the recent “sunburst” attack on national and business infrastructure via SolarWinds’ Orion business software updates.
The Index of Cyber Security, which is updated monthly at the NYU CCS website, collects sentiment estimates via direct polling of practicing security experts around the world on cybersecurity threat-related issues. The index has operated since 2008, with CCS curating and hosting the research project for two years.
“When we saw this rise, we immediately connected it to the recent massive third-party software attack involving SolarWinds,” said NYU Tandon Distinguished Research Professor Edward Amoroso, who leads the ICS research team. “The experts who provide data for our index clearly saw this threat as increasing in intensity.”
An additional risk indicator that rose during the month was a shift toward cyberattacks being specifically aimed at counterparties. “This increased targeting of designated counterparties, versus devices, systems, or other non-human actors, is consistent with the motivation inherent in most nation-state campaigns,” said Amoroso.
The sentiment index is based on observational factors such as unpatched servers, unsatisfactory audit findings, and average time to respond to an incident. Amoroso’s academic research group at NYU Tandon’s Department of Computer Science and Engineering collaborates with TAG Cyber LLC, which supports information technology functions. The CSI index and methodology were established by research-practitioners Dan Geer and Mukul Pareek.