Page 67 - Cyber Warnings
This has left them essentially alone to contend with the significant challenge of ensuring that
they can detect and protect against such serious threats.
Russia and China are two of the most sophisticated players in this high-stakes game. They
deploy both custom, sophisticated malware and simpler, off-the-shelf tools to achieve
their objectives. In many cases, the common element of the attack is the exploitation of the
human element within an organization, which is growing increasingly sophisticated and
targeted.
Motivations
Let’s look at the top two players. First, the Russians. While they remain committed to hacking
business information that will assist their competitive standing in the world, their first priority is
collecting military and diplomatic information. They have put significant talent and resources into
targeting U.S. government networks to collect the kind of diplomatic information that gives them
an advantage in negotiations or strategic decisions and helps them predict U.S. strategic
positions and decisions.
For cybersecurity professionals, it is important to know what type of information is stored on or
passing through your network. Media companies, academics, law firms, and companies that
deal in strategic commodities are all potential targets. A risk-based approach will account for
the threat and layer more advanced (and expensive) defenses around sensitive information.
In comparison, the primary objective of Chinese cyber collection capability is to enable State
Owned Enterprises (SOEs) to compete and dominate in the global economy.
Cybersecurity professionals have noted an increasing number of network intrusions that result
in exfiltration of business information, including IP and executive communications. That’s a
hallmark of Chinese hacking groups, particularly Group 61398, known for stealing trade secrets
from companies such as Westinghouse and US Steel.
Group 61398’s efforts to target technologies and information that advance China’s strategic
industrial sectors are emblematic of the Chinese hacking initiative. Cybersecurity analysts have
directly correlated key industries China seeks to grow with the sectors they target with attacks.
It pays to understand what the Chinese are after, and develop a risk-based approach to
protecting the information in your network that may be of value to a sophisticated economic
adversary.
Are you ready for a “State-Sponsored Attack”?
One of the main challenges for organizations moving from a perimeter-based strategy to a
risk-based approach is a rapidly expanding, amorphous infrastructure.
67 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide