For those of us in the world of information security, the news of Attorney General Eric Holder bringing a first-of-its-kind criminal cyber-espionage case against Chinese military officials is no surprise at all. For years, the Chinese have been known for launching cyber-attacks on American industrial and military targets to steal prized military secrets and other intellectual property.
On Monday, May 19, 2014, Attorney General Holder brought charges against five Chinese military officials for hacking into top U.S. companies for the purpose of stealing commercial trade secrets. Holder contends that these types of cyber-attacks are much different from the usual types of attacks in that the goal of these attacks were to steal trade secrets which would give China the upper-hand against American businesses.
Chinese officials are accused of targeting a variety of industries including nuclear, metals, solar and products. The purported victims include Alcoa World Alumina, Westinghouse Electric, U.S. Steel Corp., Allegheny Technologies, United Steelworkers Union, and SolarWorld. While these companies were the latest targets, companies across all industries should be guarded against these types of threats.
“This is a tactic that the United States government categorically denounces,” Holder said. “This case should serve as a wake-up call to the seriousness of the ongoing cyber threat.”
It is doubtful that China will turn over the five named military officials and that they will ever see their day in the Pittsburgh, Pa., federal court where the case is being brought.
Defense Secretary Chuck Hagel also revealed that the Pentagon is planning to triple its cyber security staff over the next few years in order to defend against future cyber-attacks that threaten national security.
What Can Businesses Do To Protect Against Chinese and Other Nation State Sponsored Cyber Attacks?
The first thing you must do is recognize that your business is a target; if not financial or intellectual property, there may be other resources, including access to partners. A hacker might be using your business to gain access to not only your assets but also those of your customers, clients, vendors and partners. Second, take the necessary precautions. Be sure that you have implemented an effective malware defense strategy that incorporates host-based controls, network-based controls, policy and training-based controls and advanced controls.
Host-based Controls are deployed on laptops, desktops and servers. This type of control is critical because malware exists on hosts and by installing these controls, you can help prevent infections.
Network-based Controls should be deployed to help guard your network. Malware infection, communication and movement, often laterally, can be tracked and prevented.
Policy and Training-based Controls are considered low-hanging fruit. These controls do not require a great deal of investment or change to infrastructure. Once adopted, the return on investment/effort is high.
Advanced Controls must be implemented when considering the increasing and persisting threat of modern malware. These controls can swiftly and efficiently detect the presence of advanced malware, which in turn, facilitates a quick response for eradication or remediation.
It is of the utmost importance that all of these controls work together synergistically. For example, companies will install a SIEM (Security Information and Event Monitoring) solution with the default settings or very minimal configuration, which could result in a lack of alerts to detect a catastrophe early on. Once the SIEM is set up to the unique needs of your organization, attending to and monitoring the logs that come out of each additional security mechanism and working with the SIEM provider for correlation algorithms is imperative. Once malware or malicious behavior is detected, it usually is just the beginning of the bad news. The propagation of the malware that follows is what must be swiftly detected and responded to promptly in order to minimize damage.
While China is in the headlines today, cyber-espionage as a whole is on the rise and will continue to target all industries. Don’t get caught unprepared—start taking appropriate precautions to avoid becoming their next victim.