Businesses and governments that have developed cyber espionage tools are turning to them for business advantage, and often require them as part of everyday business.
Stephen Bonner, partner in information protection and business resilience at KPMG, told IT Security Guru that once a rogue nation or business has built a cyber espionage tool, it becomes cost effective to use it for other things.
“We’ve seen this with hostile bids for access to something, such as an oil reserve. Certainly most nations are involved in this, and if you are doing a deal they will break in and see what your bid is so they can price it and bid $1 more, and that has been going on for quite a while in hostile environments,” he said.
“What is fascinating is that those teams are so used to doing that, they will break in to see what they have shared is accurate. It has become part of due diligence to hack in and check as there is no cost to it. It doesn’t cost anything, it’s very high value and you don’t get caught!”
Bonner said that some operators are so used to using the tool that questions are often no longer asked, and it is often a case of “why not use it?” “The other thing is in an environment of highly skilled and motivated individuals, such as financial services, it is more effective than making your environment better. They think that if they launch a massive DDoS against the competition, they cannot compete so they win the deal.”
Commenting, Jeffrey Carr, founder and CEO of Taia Global, told IT Security Guru that he agreed with this assessment and, while he had no proof of it going on, he has had “off the record conversations with individuals who have acknowledged that this has happened with joint ventures between China and other nation’s companies”. He said “China is certainly not unique in that role. So this isn’t new, this is the new twist on yesterday’s industrial espionage.”
However Mikko Hypponen, chief research officer of F-Secure, called the claims “outrageous”, saying that he doubted that these actions are as commonplace as described.
“At least such claims would require some proof to back them up. For what it’s worth, we have no evidence of US government misusing any of the information they’ve stolen via the PRISM/Xkeyscore/Quantum hacks for financial gain for US companies,” he said.
Bonner said that most of the thinking at the moment is about being a victim of these attacks, but more of it needs to be on making sure you are not the perpetrator of these attacks. “Now clearly these are not sanctioned at the board level as a legitimate business plan, but look at the rogue individuals who are bringing a grudge against companies and the bosses. Given how easy it is to do cyber attacks, why isn’t there a concern that your rogue insiders are using that capability from inside your organisation?”
TK Keanini, CTO of Lancope, said that people in security are coming to realise two important changes: first, that infiltration is so easy that it is a given – most attackers show up at the network access point with already stolen credentials and just log in as that user; and second, that post-infiltration, the game changes to remaining hidden and this is where we have to change the dynamic.
“These attackers know that the security folks are watching the traditional security infrastructure like firewalls, intrusion detection systems, but as I said before, this advanced threat knows how to operate without showing up on the security radar,” he said.
“This problem he is addressing exists because very few people have implemented telemetry on their networks and until they do, it is just too easy for this threat to go undetected. Until you change the economics for them, it will continue to be an unfair advantage for those wishing to have superior knowledge at the time of negotiation.”