If an attacker wants to target a system, they will get in no matter what; how much damage occurs depends on how many layers of security buttress the system.
Almost one year ago, at least 20 companies faced that test because there was a widespread series of cyber attacks targeting private companies, think tanks, and government organizations with links to policies of interest to China.
While no one really knows who set up the attacks, they did use a common command-and-control server to manage the exploitation and control of computers within each victim’s network.
In its research into the attacks — dubbed Project Enlightenment — security intelligence firm Cyber Squared managed to infiltrate the attackers’ communications channel and gather information on the attacks, says the firm’s Chief Executive Adam Vincent.
“We were able to monitor the threat as they interacted with the victims, specifically tested their exploits, ran their exploits, potentially found their exploits were not executing, and then ran new exploits,” Vincent said. “At that point, they sat back and managed the victim over time.”
The targets of the attacks were diverse: a mining corporation with interests in the automotive industry; Canadian judicial offices handling the extradition of a Chinese national; a major law firm with clients all over the globe; and an international maritime group with connections to the United Nations.
The victims appeared to have little in common, but each had some link to Chinese strategic interests, Vincent said.
“A lot of work isn’t on the technical side — it was actually figuring out why: Why was a company attacked on this day,” Vincent said. “We had to analyze dozens of victims in order to be able to say that this was for a certain strategic purpose.”
The news of the attacks came the same week the United States’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert about a sustained campaign of phishing attempts aimed at infiltrating the natural gas pipeline sector. The attacks, which started in December, appeared to have breached several utilities.
The attack discovered by Cyber Squared began in early- to mid-2011, but was not discovered until a September phishing attack targeted a policy organization that had a central role in the Taiwanese Airpower Modernization Act (TAMA). The phishing attack failed, but the organization asked Cyber Squared to investigate, said Vincent, who refrained from giving specific details of the victims of the attacks.
The TAMA organization foiled that specific attack, but a persistent adversary will most likely get into a company’s network, Vincent said.
“Anyone that a sophisticated adversary targets, the adversary knows what they have and knows they can go one step above that organization’s defenses to gain a foothold,” he said.
In an effort to thwart hack attempts, companies in specific industries could band together and share information on attacks that target their industries. In addition, threat intelligence can help companies determine where they should focus their defensive efforts.
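The article notes that the attackers managed every victim from one common command-and-control server, and that sharing attack information across an industry would help companies focus their defenses. The script below is an added illustration of that defensive idea and is not code from Cyber Squared or from the original article: it takes a shared indicator list (here, constructed hostnames standing in for the C2 server, not real indicators from the campaign) and checks each participating organization's outbound proxy logs against it. The log lines, organization names and indicator values are all constructed for the example; an indicator that several organizations all see is flagged as a cross-victim signal, which is exactly the pattern that let one C2 server tie these otherwise unrelated victims together.

```python
import re
from collections import defaultdict

# Constructed, shared indicator list (placeholders, not real C2 infrastructure).
SHARED_INDICATORS = {
    "c2-example-one.invalid": "command-and-control host (constructed)",
    "c2-example-two.invalid": "command-and-control host (constructed)",
}

# Constructed proxy log lines from three hypothetical organizations.
# Format assumed here: "<timestamp> <org> <client_ip> <method> <url> <status>".
SAMPLE_LOGS = """\
2011-09-12T08:01:05Z miningco 10.1.4.22 GET http://c2-example-one.invalid/update 200
2011-09-12T08:03:44Z miningco 10.1.4.22 GET http://www.example.com/news 200
2011-09-13T11:17:09Z lawfirm 10.8.0.15 POST http://c2-example-one.invalid/beacon 200
2011-09-13T11:20:31Z lawfirm 10.8.0.15 GET http://intranet.lawfirm.invalid/ 200
2011-09-14T02:45:12Z maritime 192.168.9.7 GET http://c2-example-two.invalid/cfg 404
2011-09-14T02:46:00Z maritime 192.168.9.7 GET http://c2-example-one.invalid/update 200
2011-09-15T09:00:00Z thinktank 10.2.2.9 GET http://www.example.org/report.pdf 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<org>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)


def parse_log(text):
    """Parse the constructed log format into dicts; skip lines that do not match."""
    records = []
    for line in text.splitlines():
        match = LOG_RE.match(line.strip())
        if match:
            records.append(match.groupdict())
    return records


def host_of(url):
    """Extract the hostname from a URL, ignoring scheme, path and port."""
    without_scheme = url.split("://", 1)[-1]
    return without_scheme.split("/", 1)[0].split(":", 1)[0].lower()


def match_indicators(records, indicators):
    """Return {indicator: {org: [records]}} for every hit on the shared list."""
    hits = defaultdict(lambda: defaultdict(list))
    for rec in records:
        host = host_of(rec["url"])
        if host in indicators:
            hits[host][rec["org"]].append(rec)
    return hits


def cross_victim_indicators(hits, min_orgs=2):
    """Indicators seen by at least `min_orgs` organizations: the shared-C2 signal."""
    return sorted(ind for ind, by_org in hits.items() if len(by_org) >= min_orgs)


def report(text=SAMPLE_LOGS, indicators=SHARED_INDICATORS):
    """Summarize which organizations contacted which shared indicators."""
    hits = match_indicators(parse_log(text), indicators)
    summary = {ind: sorted(by_org) for ind, by_org in hits.items()}
    return {
        "hits_by_indicator": summary,
        "cross_victim": cross_victim_indicators(hits),
    }


if __name__ == "__main__":
    result = report()
    for ind, orgs in result["hits_by_indicator"].items():
        print(f"{ind}: contacted by {', '.join(orgs)}")
    print("indicators shared across victims:", result["cross_victim"])
```

Each organization can run this against its own logs without disclosing them; only the indicator list crosses organizational boundaries, which is the low-friction form of sharing the article suggests. Widening the check from exact hostnames to parent domains or resolved IP addresses is the natural next step when the shared intelligence contains those.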