Cyber-war trends: good, bad, and scary
March 11, 2013, at 11:53 PM
The attention paid to Chinese cyberwarfare may be increasing, and warnings of doomsday from the government correspond to the new attention, but a new report from Mandiant, the company hired by The New York Times to cleanse their servers after a Chinese attack, suggests that, at long last, private companies are beginning to devote the resources required to fend off these deaths by a thousand cuts.
In the past, embarrassment, risk aversion, and a sense that if a state does it, our state has to respond to it, have prevented the development of cyber-defense best practices, even for companies that control big systems that touch our lives daily. In 2011, only 6 percent of Mandiant clients discovered a cyber intrusion on their own. In 2012, 37 percent discovered the intrusion before Mandiant set up a wall around their systems. Mandiant also says that the average duration of an attack is down by about 40 percent, suggesting that counter-measures work as a deterrent. Still, fully two-thirds of attacked companies were not aware of it until an external source like Mandiant informed them about it.
At the same time, attacking techniques are getting more efficient. It's easier for attackers to map networks now. And it's easier to identify meaty morsels to steal or compromise.
Mandiant says that, according to its research, defense companies are the most frequent targets of APT1 — "Advanced Persistent Threat 1," which refers to a specific and controlled campaign of cyber espionage by a single military entity in China. Oil and gas and other energy companies are next, followed by financial institutions. The targeting of media has increased threefold, from 2 percent to 7 percent.
China has figured out that small companies with expensive secrets often outsource their information technology services to larger defense companies, and often will use the outsourced firm as a mechanism to get to their real target. General IT service providers are also used as a mechanism to infiltrate real targets. Indeed, Chinese hackers will often implant malware on the network and wait until a chance comes to compromise the intended target. This suggests a very high degree of coordination and planning.
Intelligence gathering is a hallmark of sophisticated Chinese hacking; the idea of network reconnaissance in the cyber world is analogous to what the CIA does in mapping out a terrorist network. Before acting, the attackers spend months, if not years, figuring out the organizational chart, figuring out the vulnerabilities, looking for couriers and points of connection, and then attacking when their picture is of a high enough fidelity. Additionally, the correspondence between the technology stolen and the needs of Chinese industry is very close. Even when companies detect and rid themselves of the threat, Chinese hackers are likely to re-attack the same enterprise 40 percent of the time.
The most interesting part of Mandiant's report is what they have to say about the PLA unit that is likely responsible for the largest and most damaging cyber-intrusions: Unit 61398, which is organized as a discrete intelligence unit under the PLA's General Staff Department's 3rd Department, which is responsible for military intelligence. The New York Times has reported some of it, but Mandiant goes into more detail in their new report.
Mandiant has also decided to be helpful to companies it does not do business with. It's releasing what it knows about the Unit's techniques, which will give U.S. companies a better sense of how to defend against them. China will come up with new techniques, and the old ones will still work for a while, but the open-sourcing of this information will benefit everyone. It hardens the target, assuming that Americans take it seriously.
Marc Ambinder is TheWeek.com's editor-at-large, and writes The Compass blog. He is the author, with D.B. Grady, of The Command and the forthcoming Deep State: Inside the Government Secrecy Industry. Marc is also a contributing editor for The Atlantic and GQ. Formerly, he served as White House correspondent for National Journal, chief political consultant for CBS News, and politics editor at The Atlantic. Marc is a 2001 graduate of Harvard. He is married to Michael Park, a corporate strategy consultant, and lives in Los Angeles.
http://theweek.com/article/index/241203/cyber-war-trends-good-bad-and-scary