Technology organisations are among the most frequent targets of cyber attacks, according to the latest report from security firm FireEye.
Technology firms experienced the highest rate of callback activity to command and control (C&C) servers associated with next-generation cyber attacks, according to the report launched at Infosecurity Europe 2013 in London.
C&C servers are used heavily during the lifecycle of an attack to maintain communication with an infected machine by way of callbacks, enabling the attacker to download and modify malware to evade detection, extract data or expand an attack in the target organisation.
Callbacks to C&C servers in 184 countries in the past year – up 41% on 2010 – show cyber attacks have become a global activity, the report said.
Technology companies are targeted for the theft of intellectual property, sabotage or modification of source code to support further criminal initiatives, the report said.
Data drawn from FireEye systems in 2012 reveals that most attempted callbacks are to C&C servers located in Asia and Eastern Europe.
China, Korea, India, Japan and Hong Kong accounted for 24% of global callbacks, while Russia, Poland, Romania, Ukraine, Kazakhstan and Latvia accounted for 22%.
The FireEye platform is deployed behind firewalls, next-generation firewalls, intrusion prevention systems (IPS), anti-virus (AV) and other security gateways, representing the last line of defence against advanced attacks that bypass traditional signature-based security infrastructure.
According to the report, 89% of advanced persistent threats (APTs) are associated with tools developed and disseminated by Chinese hacker groups. The main tool is the GhostRAT Trojan, used by the GhostNet spy ring.
“The threat landscape has evolved, as cyber threats have outpaced traditional signature-based security defences,” said David DeWalt, chief executive of FireEye.
“Cybercriminals are able to evade detection easily and establish connections inside the perimeter of major organisations,” he said.
According to DeWalt, the research puts in proper perspective the global pandemic of a new breed of more advanced cyber attacks.