If you believe that protecting against cyberattacks from government agencies requires the same processes as defending against any other threat -- well, to some extent, you are right.
Government agencies will happily use easy "script kiddie" tools and well-known exploits to get into your systems to avoid tipping their hand about who they are and what they're really after. And they have the money to buy and use the most advanced tools used by criminal organizations to get into your payments data.
So protecting against these kinds of common attacks is necessary if you are trying to protect yourself against state-sponsored attackers -- but it is not sufficient. There are some key differences about attacks that originate with foreign governments, and ignoring these differences could prove deadly.
1. They're going after different types of data
Vandals are out to make a loud splash, so they'll go after public-facing websites, or just randomly disrupt whatever's within reach. Criminals will go after stuff they can sell.
Foreign nations will hit embassies and government agencies for political information, said Jaime Blasco, director of labs at San Mateo, CA-based AlienVault, Inc.
And they'll go after private companies, as well -- and not just defense contractors, either.
"If specific companies have developed a technology or method to do something, they might steal information to gain that information for competitive advantage for Chinese companies," he said. And they'll also go against personal information or business information that would provide them with insights they need to break into more companies.
Blasco was part of the team that took down UglyGorilla, a Chinese hacker who broke into computers at five U.S. companies, including Westinghouse Electric Co. and United States Steel Corp., earlier this year and stole trade secrets and other information.
Blasco also uncovered Sykipot, a China-based attack that was able to bypass two-factor authentication and steal trade secrets from the automotive and aerospace industries.
"What we thought was a primary reason for gain might not be as obvious anymore," said Carl Wright, general manager at San Mateo, CA-based TrapX, which recently uncovered a Chinese attack against international shipping and logistics companies.
For example, an attack against certain types of agricultural equipment might produce valuable insights about grain production, he said.
2. They might not be after data at all
Foreign governments are after power, and not just in the "information is power" kind of way. They'll go after another country's actual power grid, fuel pipelines, or nuclear reactors.
"They would be also happy causing disruption in government services, taking out communication systems, disrupting a nation's economy, or causing reputation damage of state-related institutions," said Jeff Williams, CTO at Palo Alto, CA-based Contrast Security.