Companies Hit in Targeted Attacks

Friday, May 18, 2012

Gregory Hale


If an attacker wants to target a system, they will get in no matter what; what kind of damage occurs depends on how many layers of security buttress the system.

Almost one year ago, at least 20 companies faced that test in a widespread series of cyber attacks targeting private companies, think tanks, and government organizations with links to policies of interest to China.

While no one really knows who set up the attacks, the attackers did use a common command-and-control server to manage the exploitation and control of computers within each victim’s network.

In its research into the attacks — dubbed Project Enlightenment — security intelligence firm Cyber Squared managed to infiltrate the attackers’ communications channel and gather information on the attacks, said the company's Chief Executive Adam Vincent.

“We were able to monitor the threat as they interacted with the victims, specifically tested their exploits, ran their exploits, potentially found their exploits were not executing, and then ran new exploits,” Vincent said. “At that point, they sat back and managed the victim over time.”

The targets of the attacks were diverse: a mining corporation with interests in the automotive industry; Canadian judicial offices handling the extradition of a Chinese national; a major law firm with clients all over the globe; and an international maritime group with connections to the United Nations.

The victims appeared to have little in common, but each had some link to Chinese strategic interests, Vincent said.

“A lot of work isn’t on the technical side — it was actually figuring out why: Why was a company attacked on this day,” Vincent said. “We had to analyze dozens of victims in order to be able to say that this was for a certain strategic purpose.”

The news of the attacks came the same week the United States’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert about a sustained campaign of phishing attempts aimed at infiltrating the natural gas pipeline sector. The attacks, which started in December, appeared to have breached several utilities.

The attack discovered by Cyber Squared began in early- to mid-2011, but was not discovered until a September phishing attack targeted a policy organization that had a central role in the Taiwanese Airpower Modernization Act (TAMA). The phishing attack failed, but the organization asked Cyber Squared to investigate, said Vincent, who refrained from giving specific details of the victims of the attacks.

The TAMA organization foiled that specific attack, but a persistent adversary will most likely get into a company’s network, Vincent said.

“Anyone that a sophisticated adversary targets, the adversary knows what they have and knows they can go one step above that organization’s defenses to gain a foothold,” he said.

In an effort to thwart hack attempts, companies in specific industries could band together and share information on attacks that target their industries. In addition, threat intelligence can help companies determine where they should focus their defensive efforts.

Cross-posted from ISS Source

Marc Quibell Depends on the attacker, and it depends on the defenses. Not every targeted attack succeeds. I disagree completely.