Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How worried should your organisation be about cyber espionage - and what can you do about it?

Tamlin Magee | March 23, 2017
As the internet of things propels us towards a completely connected world of exponentially growing data there is every chance your organisation will be interesting to attackers - including from nation states.

gchq cheltenham
gchq cheltenham

Barely a month goes by without new reports of a country engaging in cyber espionage or other technology-enabled attacks. As the internet of things propels us towards a completely connected world of exponentially growing data there is every chance your organisation will be interesting to attackers - including from nation states.

There's a growing realisation that this is the case.

According to a recent report from cybersecurity vendor Trend Micro, IT decision makers across Europe and the US believe cyber espionage is the most serious risk to their organisation. A Public Accounts Committee report, meanwhile, noted that the threat of "electronic data loss from cyber crime, espionage, and accidental disclosure has risen considerably".

That doesn't mean nothing can be done to dampen the risk. But how serious a problem is industrial espionage, from nations or otherwise?

"Espionage hasn't really changed," says Jarno Niemela, senior security researcher at F-Secure. "It has always been more about the goals rather than the methods."

Leaks from CIA and GCHQ confirm the capabilities of intelligence agencies are sophisticated and wide in scope. There is speculation that Russian intelligence might permit cybercrime to occur within its borders, and that information taken from this might sometimes be useful to the state.

And in 2015 China and the US reached a cyber agreement to reduce espionage in private sector firms - signalling the frequency with which these attacks took place.

The FBI filed a federal indictment that accused five hackers from China's People's Liberation Army Unit 61398 of stealing information from corporations including US Steel and Westinghouse, as well as breaking into the United Steelworkers union. And an indictment from the Justice Department accuses two Russian spies and two cybercriminals of being behind the enormous Yahoo email breach attack - the largest data breach in history.

Most cyber espionage is undertaken by state actors or state-affiliated actors, typically chasing information that is politically or militarily expedient. But there are cases where pure commercial information has been obtained, quite possibly leaked to friendly people within companies and in exchange for some other favour.

"[Stolen data] is being used as currency," Niemela says. "As long as you are doing something that has some kind of value that can be replicated for information you are a target. Even if you are not interesting, it's very likely that one of your customers is."

Cyber espionage attacks often start at affiliated businesses rather than the main prize - perhaps first infiltrating a sub-contractor before finding their way to the ultimate target.

"We saw a case where an alarm systems provider was hit," he says. "The final target was somebody operating a larger company. There have also been cases where a subcontractor providing some software component was breached, and their documentation was poisoned with exploits so their customers getting the documentation were hit."

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.