Should organisations be concerned by cyberespionage?
23 March 2017
“If you have a server with interesting information visible to the internet and it has a vulnerability they will hack in there, monitor what happens in that server, and spread into your internal organisation,” Niemela says. “If that doesn’t work they will use phishing, watering holes, browsing exploits or some other method of getting access to a workstation, and from there they’ll obtain credentials of administrators and move between machines.
“They will get the domain administrator’s credentials then they are in your network, once again, observing and collecting information.
“It all depends on how interesting a target you are because even spies have budgets and bosses,” Niemela explains. “And they need to make their bosses happy.”
Those budgets might be bigger and those bosses more politically powerful but they are budgets and bosses all the same.
“What we have gathered from Snowden and other prior evidence is that it’s rare an espionage agency is given a mandate at a certain company – they operate on sectors of industry,” Niemela says. “For example, some intelligence team is tasked with trying to access the energy sector operating in the Middle East, or the banking sector in Syria. It’s extremely rare to be the only target.”
“There’s an old joke: when you are in the savannah, you don’t need to be faster than the lion, you need to be faster than the friend next to you.”
That means organisations that do not take security quite so seriously are low-hanging fruit for intelligence gathering.
“You need to pay a lot of attention to the various aspects of security and you need to make your security layered,” Niemela explains. “There needs to be passive preventative measures, active preventative measures, limiting measures, containment measures, detection and response.
“When you have your security stack and layers in place you are going to be a hard target – which means that then, provided you are significantly harder than targets of equal value, it’s very likely that you will not be hit with sufficient resources to cause a significant breach.”
“They are going to try you, but if you detect them and kick them out, pretty soon they are going to decide that guy is more trouble than it’s worth.”
IDG News Service