A cyber spy ring targeting government and business computers containing sensitive information in over 100 countries grabbed the headlines this week, but the latest attacks are nothing new or unusual, say investigators.
UK businesses are still shocked when they discover they have been infiltrated by cyber-espionage operations, but experts warn that this sort of infiltration happens all the time.
The headline-grabbing spy operation, dubbed GhostNet, is detailed in a report published this week by Canada's Information Warfare Monitor (IWM) research group. The report should be a wake-up call to all organisations that underestimate the threat.
"Regardless of who or what is ultimately in control of GhostNet, it is the capabilities of exploitation, and the strategic intelligence that can be harvested from it, which matters most," IWM says.
The reality is that most organisations are susceptible to having commercially sensitive information stolen, says Ian McGurk, associate director for information security at consultancy Control Risks.
Jonathan Evans, the MI5 director general, warned UK businesses of the threat of state-sponsored cyber attacks in 2007, but most organisations do not take the warning seriously, he says.
"We are seeing these cases on a daily basis. The [cyber-espionage] operations are real, they are well organised, and they are targeting data in organisations that continue to rely on outdated technology for protection," says Yuval Ben-Itzhak, chief technology officer at security firm Finjan.
According to Ben-Itzhak, signature-based malware detection systems are useless against the types of trojans cyber spies are using, which are unknown to the security community and have no registered signature.
Businesses have no defences against social malware attacks like those used by the GhostNet operators. Well-designed e-mail lures combined with malware are devastatingly effective, says Ross Anderson, a professor at Cambridge University.
"If your business has sensitive information that might be a target of capable motivated opponents, then your current information security will probably not be good enough in the future," he says.
IT departments should tackle the problem by beefing up system security and staff awareness around the organisation's most important information, says McGurk.
"Cyber-espionage is highly targeted, so protection should be greatest around information that has the highest value to outsiders," he says.
Organisations should identify high-value assets and information, and concentrate on putting enhanced protection around these and associated processes.
Prime targets include information relating to mergers and acquisitions or anything else likely to affect share prices, and information about new products, such as designs and planned launches.
"Anyone working with this type of information should be made aware of the threat of cyber espionage and how they could be targeted by social engineering attacks," says McGurk.
In the face of unknown trojans that may go undetected for months, McGurk advocates a layered defence strategy, including auditing and logging systems to track all network activities.
"If you have the right defences and levels of awareness and training in place, you can make it difficult to the point where cyber spies give up," he says.