
[ISN] Cyber-espionage moves into B2B


By Matt Hines
January 15, 2008

The practice of cyber-espionage is rapidly moving beyond the government 
sector and finding its way into the world of international business, 
according to experts with SANS Institute, one of the world's top IT 
security training organizations.

While the United States and Chinese governments, most notably, have 
accused each other in recent years of carrying out surreptitious hacking 
campaigns aimed at stealing strategic information from their respective 
IT systems -- and many security experts believe that both countries, and 
many others, are actively engaging in such electronic warfare -- leaders 
with SANS maintain that the practice has recently begun to spill over 
into the private sector with greater frequency.

According to the training institute's latest research, cyber-espionage 
efforts funded by "well-resourced organizations" -- including both 
government-backed and private efforts -- will expand significantly 
during 2008, in particular as overseas companies look to gain an upper 
hand in negotiating business deals with large companies based in the 
U.S. and Europe.

In one common scenario, said Alan Paller, director of research for SANS, 
organizations in the process of establishing legitimate partnerships 
with such companies are willing to pay hackers to break into those 
firms' IT systems to gather competitive information to gain an advantage 
at the bargaining table.

More companies than ever before are finding out that they have been 
victimized in such a manner based on the discovery of their sensitive 
data in the hands of hackers and other fraudsters who have been 
apprehended by law enforcement officials, the expert contends.

"Cyber-espionage is clearly growing across the board. It was much bigger 
in 2007 than in previous years, and it is expanding slowly into economic 
espionage involving both businesses and government entities," Paller 
said. "This really has a lot of significant implications because people 
who have never thought of themselves as targets for this type of attack 
have suddenly become a sweet spot, and many are not prepared to defend 

Paller said that federal law enforcement agencies have been contacting 
private industry firms directly to inform them that their data may have 
been compromised. From closely protected product designs to company 
financials, the expert said that cyber-espionage is already working its 
way into many different areas of business.

"If you live in a foreign country and you want to do business with a big 
American company, you want to negotiate the best possible deal, and 
we're seeing more evidence of instances where parties have clearly been 
paid to break into a company's computers, as well as those of their 
accountants, consultants and lawyers, to find information that can be 
used to tilt deals in their favor," Paller said. "In some cases, it's 
fair to say that the people who are negotiating these deals overseas end 
up with more information than the people that are being paid to 
negotiate with them."

Paller said that while in many cases the business data being stolen is 
being used to the advantage of private industry players, the training 
organization believes that a fair amount of the corporate espionage 
activity may be backed by government sponsors.

While such attacks have been somewhat common among government and 
defense contractors for years, he said, the process is highlighting a 
lack of perception regarding security risks inside other major U.S. 

SANS reported that the attack of choice in many cases of cyber-espionage 
is a targeted spear phishing campaign that attempts to dupe workers into 
opening tainted attachments made to appear as if they come from people 
they work with.

The content of the virus-laden attachments is often tailored to look 
exactly like legitimate materials that the employees involved might send 
to each other, making it more likely that users will open the messages 
and remain unaware that they may have been compromised, Paller said.

Attackers crafting the messages most often use newly discovered 
Microsoft Office vulnerabilities, also known as zero day flaws, to 
further hide their activities and to circumvent anti-virus systems, 
according to the expert.

"This type of business-driven cyber-espionage is already happening a lot 
more frequently than some people might think," said Paller. "We're only 
finding real evidence because more companies are hearing from law 
enforcement when someone finally discovers the stolen data."

On the flip side, SANS is also predicting that so-called insider data 
theft carried out against U.S. businesses by trusted employees will also 
continue to flourish.

One of the factors accelerating that trend is the ability for attackers 
to attempt to attack their employers both from inside their networks and 
from the outside using known vulnerabilities they discover in their 
work, the group said.

With traditional security perimeters increasingly being taxed by the use 
of mobile devices that are allowed to come onto corporate networks from 
outside the workplace, SANS said that workers are finding many new 
opportunities to sneak information out the door and sell it for a profit.

One of the key strategies that organizations need to embrace to thwart 
the insider problem is to put into place more substantial defenses that 
limit access to various IT systems and data stores based on the specific 
level of admission to those assets that individuals need to do their 
jobs, the training group said.
