In the current digitally advanced world, we hear about armies of immoral hackers secretly spying on their targets and stealing information—classified, sensitive data or intellectual property. This practice of secretly gaining access to critical information without permission from the data owner—individuals, competitor organizations, government entities or enemies—to gain personal, economic, political or military advantage is called cyber espionage.
How do hackers get their hands on critical information? They steal highly confidential details by breaking into Internet-connected networks or individual computers through proxy servers, malicious software and other hacking techniques. Whether organizations and government bodies like it or not, most have become participants in or victims of cyber espionage, and the issue is gaining importance by the day because of the impact it has on a global scale. Whether everyone agrees or not, and whether it is done openly or silently, the truth is that almost all governments and enterprises engage in cyber espionage on some scale to gain an advantage over competitors or enemies.
The very term “cyber espionage” indicates that it is done secretly, and the practice is known for its deniability. There is also a vacuum of international law in this area: no nation or entity wants to talk about its tricks of the trade, and negotiating formal agreements and settlements would involve divulging sensitive information. While it is still debatable whether cyber espionage can be labelled good or evil, it certainly serves as an extremely powerful tool for adversaries to accumulate knowledge. At the same time, when it affects entities at the enterprise level, cyber espionage must be considered a serious threat.
CYBER ESPIONAGE IS GLOBAL
Cyber spies have a broad agenda. Cyber espionage is not a local issue, nor is it limited to a specific country or industry. It is a global issue and has been taking cyber warfare to a whole new level. Most reported cyber espionage incidents involve China, Russia, Iran, North Korea or the United States—as the attacking nation or as the victim of the attack—but every other nation is also exposed to the risk of such threats.
The threats are now more sophisticated and far-reaching than ever before, both internationally and domestically. There are quite a few instances of intelligence officers and hackers being prosecuted for stealing intellectual property and confidential business details from a foreign country. Another classic example of cyber espionage is hackers based in one country meddling with the elections of other nations. We have also heard of cases where hackers distribute previously unknown malware through e-mails, or send links to self-loading remote-access tools, and succeed in gaining access to government top secrets, legal contracts and other confidential data.
Cyber espionage has caused disorder at international events, influenced political election campaigns and their outcomes, and determined the success or failure of organizations across industries. In most cases, advanced persistent threats (APTs) help cyber criminals sneak into networks and stay undetected for a very long time.
Hacking groups engaged in this organized form of data spying and theft comprise skilled computer programmers, engineers and scientists. These highly capable teams have the financial support needed to access state-of-the-art technological resources, and they evolve their techniques as technology advances. While artificial intelligence, machine learning and cloud technologies are a boon, they are also taking cyber spying to a whole new level. Recruited and trained for the purpose, hackers associated with cyber espionage leverage the latest technological innovations and are capable of shutting down anything—from large government or utility infrastructures to complex financial systems. Though cyber espionage is generally associated with states spying on enemy nations for military purposes, it can also be part of an institutional effort by a government or commercial concern. Let’s look at the two key types of cyber espionage.
FINANCIAL ESPIONAGE
Financial espionage refers to the theft of vital economic intelligence. It is mostly state-sponsored, with much bigger goals and on a much larger scale. It was because of the dangers of such spying that the U.S. signed the Economic Espionage Act into law in October 1996, criminalizing the theft of trade secrets. Financial espionage can also aim at covertly influencing sensitive economic policy decisions or unlawfully acquiring confidential and proprietary financial, trade or economic policy information. It allows foreign entities to obtain such proprietary information at a fraction of its actual cost, causing substantial financial losses. For example, cyber divisions in military departments try to disrupt their adversaries’ capabilities by targeting cyberspace—bringing down communication satellites and systems, breaking encryption, and so on—and spying on them.
CORPORATE OR INDUSTRIAL ESPIONAGE
Corporate espionage, also known as industrial espionage, is spying carried out for commercial purposes or to gain a competitive advantage. It can involve tapping competitor organizations’ cellular networks, hacking and attacking their computer systems with malware, or gaining access to crucial company documents without consent. Then there are hackers who pose as a company’s employees but are there to get their hands on the company’s trade secrets. G4S estimates a global loss of approximately US$1.7 trillion annually due to business espionage.
COUNTERING CYBER ESPIONAGE WITH THREAT INTELLIGENCE
Cyber warfare follows cyber espionage. While this warfare is not fought with guns and other military weapons, it involves equally powerful tools—keyboards and software. The situation is putting tremendous pressure on cyber security teams. How can the different divisions combat the dangers of cyber espionage?
Appropriate technology and defense strategy: A robust cyber intelligence strategy is key to cyber defense. Having the right intelligence helps predict cyber espionage incidents, recognize vulnerabilities and discover indicators of malicious activity, enabling a proactive security approach. At the same time, to address the dangers, threat-countering technologies must evolve rapidly. Technologies and methodologies need to be smart enough to incorporate analysis and act on threat intelligence to prevent a breach.
Collaboration between public and private entities: As the focus on cyber espionage and threat intelligence grows, plenty of threat intelligence companies and offerings are mushrooming in the market. But are they cooperating with each other to provide robust threat intelligence? A combined effort built on collective intelligence is likely to yield more powerful results than fragmented efforts. It is difficult to pinpoint where the responsibilities of organizations end and where the role of the country’s government begins. Hence, government bodies and the private sector need to work in tandem to share threat intelligence and combat cyber breaches and warfare.
Active defense: Reacting to cyber breaches is not enough anymore. Teams also need to employ counterattacks and limited offensive action to deny attackers their contested area. Active defense is also a much richer concept than just aggressive action against the source of a cyber espionage attack. Teams can leverage the latest technology, such as artificial intelligence and big data, to implement active defense operations—identifying threat actors, diagnosing the combatant’s activities in real time, responding flexibly to cyber threats, or disseminating intelligence. They can also make it harder for attackers to steal or misuse data through dynamic data movement, distribution and re-encryption.
TO ATTACK THE BAD GUYS, THINK LIKE THE BAD GUYS!
Cyber defense and threat intelligence teams need to think like the bad guys and develop solutions that will help tackle attackers proactively and effectively.
Step 1: Identify the source of the threats: Organizations and governments are not dealing with minor stand-alone criminals with personal agendas anymore; they are dealing with armies of highly skilled hackers. It is essential to understand the source of the threat.
Step 2: Understand the purpose of the espionage: When you know who is behind the cyber espionage, it is easier to discover the motive behind the act. The reason behind a state actor’s attack will be completely different from that of an attack where someone is looking at winning a competitive advantage. Understanding the purpose can help secure the potential target better and can help counter the threat more effectively with an appropriate method.
Step 3: Act the part: To understand the hacker’s objective, it is important to think like a hacker. Adopting a hacker’s mindset helps enterprises and governing bodies detect vulnerabilities in their own systems and networks. Security teams will better understand what hackers are after, their goals, and the methods through which they are likely to steal information. They will also be able to identify the hacking team itself faster.
Step 4: Learn hacking techniques: Fighting cyber espionage is a lot easier when one has deep knowledge of potential hacking techniques. It is extremely important to continue up-skilling and collecting necessary information to counter attacks—just like the hackers do.
Step 5: Fight threats proactively: Prevention is definitely better than damage repair. Prevent breaches before they take place by investing in the right talent and technologies to fight cyber espionage.
A typical operations cycle for countering threats should include data collection and processing, deriving intelligence, sharing the intelligence and, finally, drawing up an action plan and executing it. Organizations should build better threat intelligence capabilities by ensuring that their security teams proactively analyze existing and potential security threats, threat actors, exploits, identified malware, vulnerabilities and other indicators of compromise across the enterprise landscape.
THE WAY FORWARD
We are in an era where traditional security methods can no longer address new-age security threats and cyber espionage. Governments, intelligence agencies and private organizations should no longer adopt a purely defensive approach, waiting for the attack and then applying mitigation measures—that approach is no longer adequate. First, they should join forces to fight cyber espionage more effectively. Next, they should adopt an offensive approach and undertake active defense measures and strategies to protect their assets from cyber espionage. They should explore the possibility of offensive techniques to counter cyber espionage—perhaps by hunting down intruders and malicious code with invasive malware and spreading it in targeted phishing campaigns against actors suspected of having originated the attack.
Sharing threat intelligence among enterprises can help a great deal in raising awareness and countering cyber spying. It can also go a long way toward reducing the recurrence of similar attacks across different enterprises.
Vijay Bharti is the Chief Information Security Officer (CISO) and Senior Vice President of Cyber Security practice at Happiest Minds Technologies. He brings in more than 20 years of experience in the area of IT Security across multiple domains like Identity and Access Management, Data Security, Cloud Security and Infrastructure Security.
His recent work includes building Security Operation Center frameworks (including people, processes and various SIEM technologies), where he is working on building an integrated view of security and ways of leveraging advanced analytics and big data innovations for cyber security.