Infosec 2013: Tech firms among top cyber targets, report shows

Technology organisations are among the most frequent targets of cyber attacks, according to a report from security firm FireEye

Technology organisations are among the most frequent targets of cyber attacks, according to the latest report from security firm FireEye.

Technology firms experienced the highest rate of callback activity to command and control (C&C) servers associated with next-generation cyber attacks, according to the report  launched at Infosecurity Europe 2013 in London.

C&C servers are used heavily during the lifecycle of an attack to maintain communication with an infected machine by way of callbacks, enabling the attacker to download and modify malware to evade detection, extract data or expand an attack in the target organisation.

Callbacks to C&C servers in 184 countries in the past year – up 41% on 2010 – show cyber attacks have become a global activity, the report said.

Technology companies are targeted for the theft of intellectual property, sabotage or modification of source code to support further criminal initiatives, the report said.

Data drawn from FireEye systems in 2012 reveals that most attempted callbacks are to C&C servers located in Asia and Eastern Europe.

China, Korea, India, Japan and Hong Kong accounted for 24% of global callbacks, while Russia, Poland, Romania, Ukraine, Kazhakstan and Latvia accounted for 22%.

The FireEye platform is deployed behind firewalls, next-generation firewalls, intrusion prevention systems (IPS), anti-virus (AV) and other security gateways, representing the last line of defence against advanced attacks that bypass traditional signature-based security infrastructure.

According to the report, the 89% of advanced persistent threats (APTs) are associated with tools developed and disseminated by Chinese hacker groups. The main tool is GhostRAT Trojan, used by the GhostNet spy ring.

“The threat landscape has evolved, as cyber threats have outpaced traditional signature-based security defences,” said David DeWalt, chief executive of FireEye.

“Cybercriminals are able to evade detection easily and establish connections inside the perimeter of major organisations,” he said.

According to DeWalt, the research puts in proper perspective the global pandemic of a new breed of more advanced cyber attacks.

Read more on Hackers and cybercrime prevention