Research | Our Q3 report details what's new in the world of ransomware.
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Find cyber threats that have evaded your defenses.
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Brands of the world trust ReliaQuest to achieve their security goals.
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
The latest threat research report from ReliaQuest Threat Research research team.
The latest white papers focused on security operations strategy, technology & insight.
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
November 30, 2023
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
Cyber threat reporting sits at a dichotomy. On the one hand, much furor is made of the role of non-state actors – the way in which criminal groups, proxies, hacktivists and even individuals can have an outsized impact in the threat that they pose. On the other hand, discussion of state campaigns is largely restricted to a handful or prevalent (and typically advanced) actors, with reporting focused on the usual suspects of Russia, China, Iran and North Korea. Yet, for an industry that has brought attention to both advanced state campaigns and script kiddies, the space in between remains chronically under-analyzed. This blog post seeks to redress this imbalance by exploring the emerging role of non-traditional state actors.
Our understanding of state actors is set to broaden given the emerging role of other state-affiliated actors and campaigns that have operated in the shadows for too long. Vietnam-based APT 32 (also known as Ocean Lotus) provides one example of an actor that possesses an impressive capability and a willingness to target a range of entities in a manner that reflects Vietnamese state interests, but has operated largely under the radar (although firm attribution to the Vietnamese Government has yet to be established).
Similar stories will continue to arise as other ‘new kids on the block’ emerge in the coming years. Yet, merely acknowledging the rise of new state actors only takes us so far; the strategic implications that arise from such a shift, however, are an altogether more interesting question. Crucially, the rise of other state actors poses significant challenges both for the cyber threat landscape and the role of threat intelligence analysts.
At the most obvious level, the emergence of non-traditional state campaigns will create an increasingly complex threat environment. This relates not only to the number of active threat actors, but also the breadth of aims and intentions pursued through cyber campaigns. We might have assumed that a threat actor using ransomware and other financially-motivated campaigns was a criminal group only a few years ago – then North Korea emerged as a state actor turning to cyber campaigns as a means of generating funds.
Threat intelligence analysts will need to remain open-minded going forward. As more states come to the fore, they will likely use cyber campaigns to achieve a variety of ends (not all of which may be immediately obvious right now). Conversely, other emerging states might seek to directly emulate current threat actors. Similarly, destitute governments might look to North Korean cyber campaigns as a paragon for efficient government revenue raising. If a variety of states pursue similar strategies, confirmation bias will increasingly risk leading analysts down blind alleys – reinforcing the need for teams to approach intelligence questions with structured techniques and an awareness of the psychological bear traps that exist in intelligence analysis.
Figure 1: Richards J. Heuer’s Psychology of Intelligence Analysis warns of the conscious and unconscious biases that can limit good intelligence analysis
The strategic immaturity of emerging state actors also represents a serious concern. Many of the current established players have invested a lot of time thinking about questions of deterrence, norm-building, and other strategic questions, yet these issues have proved consistently awkward to resolve. Capability management provides a good example of such a challenge in practice. Despite its sophistication, the US National Security Agency (NSA) has struggled to keep its operations and capability covert (think Edward Snowden, Reality Winner and Harold Martin).
Recent exposures have gone beyond a PR headache to creating materially destructive outcomes. After all, it was the NSA toolkit that was weaponized by North Korea in the WannaCry ransomware outbreak that went on to hamper hundreds of thousands of systems worldwide, including the British National Healthcare Service. If issues such as capability management have proved a real challenge for even the most sophisticated state actors, they are certain to apply to strategically immature state groups – thereby injecting more chaos into the cyber threat landscape. Cyber threats will therefore become increasingly unpredictable as more states enter the fray.
Current reporting has focused largely on how non-Western states are targeting Western entities. Yet, many emerging states’ ambitions will not reach so far afield. An increasing number of cyber campaigns are likely to instead reflect local geopolitical disputes. For emerging states in regions like the Middle East or the South China Sea, cyber campaigns will often be pointed towards their neighbors. This should not belie their significance, however: with many organizations operating in global environments, regional conflicts will be just as important as their intercontinental counterparts.
The emergence of non-traditional states will therefore put new burdens on threat intelligence vendors and analysts. This shift will demand adaptation – a need to understand more cultures, languages and local political situations. A more diverse threat landscape should be reflected in the makeup of analyst teams with a variety of perspectives increasingly important. Other communities will also represent an increasingly important resources – whether this be area studies academic centers that work with analysts to understand new contexts, or institutions including The Citizen Lab that explore state campaigns targeting the most vulnerable portions of civil society. In adapting to the arrival of the new kids on the block, the cyber security community will need to respond with what it has always needed in the face of a new challenge: a desire to learn and a strong dose of humility.
To stay up to date with the latest Digital Shadows (now ReliaQuest) threat intelligence and news, subscribe to our threat intelligence emails here.