Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Businesses and Governments routinely use cyber espionage tools

by The Gurus
April 7, 2014
in Editor's News
Share on FacebookShare on Twitter

Businesses and Governments who have developed cyber espionage tools are turning to them for business advantage, and often require them as part of everyday business.

 

Stephen Bonner, partner in the information protection and business resilience at KPMG, told IT Security Guru that once a rogue nation of business has built a cyber espionage tool, it becomes cost effective to use it for other things.

 

“We’ve seen this with hostile bids for access to something, such as an oil reserve. Certainly most nations are involved in this, and if you are doing a deal they will break in and see what your bid is so they can price it and bids $1 more, and that has been going on for quite a while in hostile environments,” he said.

 

“What is fascinating is that those teams are so used to doing that, they will break in to see what they have shared is accurate. It has become part of due diligence to hack in and check as there is no cost to it. It doesn’t cost anything, it’s very high value and you don’t get caught!”

 

Bonner said that some operators are so used to using the tool, that often questions are no longer asked and often, it is a case of why not use it? “The other thing is in an environment of highly skilled and motivated individuals, such as financial services, it is more effective than making your environment better. They think that if they launch a massive DDoS against the competition, they cannot compete so they win the deal.” 

Commenting, Jeffrey Carr, founder and CEO of Taia Global, told IT Security Guru that he agreed with thisassessment and while he had no proof of it going on, he has had “off the record conversations with individuals who have acknowledged that this has happened with joint ventures between China and other nation’s companies”. He said “China is certainly not unique in that role. So this isn’t new, this is the new twist on yesterday’s industrial espionage.”

 

However Mikko Hypponen, chief research officer of F-Secure, called the claims “outrageous”, saying that he doubted that these actions are as commonplace as described.

 

“At least such claims would require some proof to back them up. For what it’s worth, we have no evidence of US government misusing any of the information they’ve stolen via the PRISM/Xkeyscore/Quantum hacks for financial gain for US companies,” he said.


Bonner said that most of the thinking at the moment is about being a victim of these attacks, but more needs to be on making sure you are not the perpetrator of these attacks. “Now clearly these are not sanctioned at the board level as a legitimate business plan, but look at the rogue individuals who are bringing who are bringing a grudge against companies and the bosses, given how easily it is to do cyber attacks, why isn’t there a concern that your rogue insiders are using that capability from inside your organisation?”

TK Keanini, CTO of Lancope, said that people in security are coming to realise two important changes: first, that infiltration is so easy that it is a given – most attackers show up at the network access point with already stolen credentials and just login as that user; and second, that post infiltration, the game changes to remaining hidden and this is where we have to change the dynamic.

 

“These attackers know that the security folks are watching the traditional security infrastructure like firewalls, intrusion detection systems, but as I said before, this advanced threat knows how to operate without showing up on the security radar,” he said.

 

“This problem he is addressing exists because very few people have implemented telemetry on their networks and until they do, it is just too easy for this threat to go undetected. Until you change the economics for them, it will continue to be an unfair advantage for those wishing to have superior knowledge at the time of negotiation.”

 

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Giant leaps by Yahoo to security

Next Post

Headlines causing setbacks for European security strategy

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information