
White Paper

Cyber Espionage Threats - An Alarming Problem


Contents
Introduction
What Do Nation-States Want?
Why Are Companies So Vulnerable?
Information Sharing
Minimizing the Consequences of Cyber Espionage


About Ziff Davis B2B
Ziff Davis B2B is a leading provider of research to technology buyers and high-quality leads to IT vendors. As part of the Ziff Davis family, Ziff Davis B2B has access to over 50 million in-market technology buyers every month and supports the company's core mission of enabling technology buyers to make more informed business decisions. Copyright 2014 Ziff Davis B2B. All rights reserved.

Contact Ziff Davis B2B
100 California Street, 4th Fl., San Francisco, CA 94111
Tel: 415.318.7200 | Fax: 415.318.7219
Email: b2bsales@ziffdavis.com
www.ziffdavis.com

Ziff Davis|White Paper| Cyber Espionage Threats - An Alarming Problem

Introduction
Cyber espionage has become a major area of concern at the highest levels of the federal government. In the past year Congressional hearings have been held, executive orders issued, and alarming reports published. Why, suddenly, has cyber espionage garnered so much attention?

Digitalization of information has changed the way enemies conduct espionage. Cyberspace affords foreign actors the ability to sit at a computer and steal massive quantities of data remotely, quickly, and usually anonymously. They can continue for years without detection. And the perpetrators can easily make it look like the attacks are coming from a different geographic location. Skilled attackers can hop through networks around the world so the originating system cannot be traced.

The number and sophistication of attacks have grown every year. Defense contractors, information technology corporations, small companies that supply defense contractors, even security technology providers have become targets of cyber intrusions by nation-states. Roughly one-third of foreign cyber espionage attacks originate in China. According to the National Intelligence Estimate, other active players are Russia, Israel, and France.

An October 2011 U.S. government report, "Foreign Spies Stealing US Economic Secrets in Cyberspace," asserts, "Cyber tools have enhanced the economic espionage threat, and the Intelligence Community judges the use of such tools is already a larger threat than more traditional espionage methods."

Yet it is generally agreed that C-level business executives do not appreciate the breadth of these attacks, nor the potential economic consequences. The most likely reason is that they are unaware of long-term breaches that have already happened within their companies.

Information security provider Mandiant issued a report in February that chronicled its multi-year following of one Chinese cyber espionage unit of the People's Liberation Army. Mandiant's APT1 report states that this one group has targeted 150 victims over seven years and has compromised 141 companies in 20 industries.

What Do Nation-States Want?


Nation-states use cyber espionage to gain a competitive advantage. It can be a military advantage, an economic advantage, or a technology advantage. Russia wants to invigorate and diversify its industries. China would prefer to avoid costly and time-consuming R&D, preferring to bring Chinese products to market using stolen U.S. trade secrets, manufacturing plans, technology, and IP. Because so many Chinese companies are state-owned, the government focuses heavily on economic espionage. What differentiates nation-states from cyber criminals is the vast amount of resources they have at their disposal and their objectives.


The actors are patient and methodical. They are prepared for long-term warfare, as evidenced by intrusions that last years.

The 2012 Report to Congress of the U.S.-China Economic and Security Review Commission, November 2012, stated, "In 2012, Chinese state-sponsored actors continued to exploit U.S. government, military, industrial, and non-governmental computer systems. ... Although most China-based activity observed over the past year relied on basic and straightforward techniques, a series of new developments suggest Chinese exploitation capabilities are improving significantly. Irrespective of sophistication, the volume of exploitation attempts yielded enough successful breaches to make China the most threatening actor in cyberspace."

To put the scope of the problem in perspective, Mandiant estimated that APT1 maintained access to victim networks for an average of 356 days. The longest time period APT1 sustained access to a single victim's network was four years and ten months. Mandiant also reported, "Among other large-scale thefts of intellectual property, we have observed APT1 stealing 6.5 terabytes of compressed data from a single organization over a ten-month time period."

Why Are Companies So Vulnerable?


Traditional security tools such as anti-virus software, intrusion detection, and firewalls are less effective as attackers hone more sophisticated techniques. Most companies lack the means to detect malicious activity within their networks or data flowing out of their networks because their focus is on the perimeter. Malware is much more sophisticated and customized. It can lie dormant for long periods of time. Logs can be falsified.

Spearphishing, a key source of entry into a corporate network, has become more sophisticated. An e-mail can appear to come from a trusted partner and exhibit insider knowledge of the recipient and the company. The e-mail contains either a malicious attachment or a hyperlink to a malicious file. Once the recipient opens the attachment or clicks on the hyperlink, malware is installed on the network and the actor has access to company data. Anti-virus software does not detect the intrusion. The company is then vulnerable to an advanced persistent threat. Once an intruder has a foothold inside the network and a set of legitimate credentials, the actor can move around the network undetected and steal user names and passwords.

Other reasons for increased vulnerability are the use of on-site third-party contractors who bring their own devices, as well as employees who use their personal smartphones for business purposes. Companies need to have strict policies about the use of these devices and must enforce them.

Enterprise companies also have to consider their partners' security readiness. Foreign actors often spend months profiling an organization, including its business partners and suppliers, looking for vulnerabilities. Entry into a corporate network is often accomplished via a partner's VPN connection.


Data exfiltration is accomplished through encrypted outbound transmissions, hardware and software key loggers, and rogue devices executing network packet captures.

Information Sharing

Private sector organizations often do not reveal that their computer networks have been compromised, either to the FBI or to their shareholders, because of fear of lawsuits or reputational damage. However, many companies are now publicizing the fact that they have been attacked, although not all of the attacks were successful.

The government is encouraging information sharing between the private and public sectors to gain insights that can combat intrusions. While private sector organizations are less concerned with where the attack originated and focus instead on damage control and prevention, government intelligence agencies seek to establish the source of the attack.

One of the most effective information sharing mechanisms is an ISAC (Information Sharing and Analysis Center). These are voluntary industry groups that share details of attacks with one another and disseminate best practices. They do not share information with government agencies. ISACs exist in IT, public transportation, financial services, higher education, and state and local governments. Membership fees are usually on a sliding scale to accommodate both small and larger companies.

In his executive order on cyber espionage the President encouraged government agencies to share information about intrusions with the private sector. However, there is no requirement for the private sector to share data with the government. But greater collaboration is certainly a long-term goal because the economic competitiveness of the U.S. is at stake.

Minimizing the Consequences of Cyber Espionage

- Avoid complacency; don't think it can't happen to your company
- Assume your network has already been penetrated and change strategy from reactive to proactive
- Cyber security has to be dealt with strategically at senior management levels
- Get rid of the silo approach; security is a business issue as well as an IT concern
- Develop measures for centrally controlling and monitoring what devices can be attached to corporate networks and what data can be stored on them
- Separate perimeter from core; a sound perimeter defense alone is not adequate to protect against penetration
- Conduct regular penetration testing of company infrastructure and third-party shared network systems
- Use two-factor ID or long passphrases
- Layer security and segment data


- Identify and isolate the crown jewels and implement compartmentalized access procedures
- Assign threat focus areas. Don't get distracted by the small, unsophisticated attacks. Filter them out and concentrate on the more serious ones
- Be more open. Disclose the breach to partners first, then the public. The SEC requires public companies to disclose security breaches
- Think twice about entering into a joint venture with a Chinese company. The potential for losing IP is significant. Stealing IP is an accepted business practice in China and there are no negative consequences
- Be judicious about hiring. Nation-states often recruit their foreign nationals who work for U.S. companies for cyber espionage purposes, appealing to their sense of patriotism

These steps can stop some intrusions or at least help to detect them more rapidly and minimize damage. With the number and sophistication of cyber espionage attacks expected to increase, it behooves all U.S. companies that rely on the Internet to take a fresh look at their cyber security policies and procedures.
