Report: Cyber-Spies to Wage Non-Stop Assaults on Defense Firms in 2011
January 2010’s Operation Aurora helped coin a new term, the advanced persistent threat. Aurora, believed to have originated in China, successfully infiltrated dozens of U.S. companies with the goal of stealing source code and other data.
The spies sent emails that appeared to come from the targets’ close friends or colleagues and asked them to follow a link to photos. The link actually took them to a webpage that installed sophisticated worms that embedded themselves deep within the operating system.
This form of attack is called “spear-phishing” because unlike regular phishing scams that are sent out in mass emails, these are crafted for individual targets.
Once a computer was infected and had reported back to its creators that it had been enslaved, hackers were standing by 24/7 to exfiltrate data. This went on for several months before Google discovered the plot in January. McAfee defines an advanced persistent threat as one that originates from a nation-state and is carried out for motivations other than financial gain or political protest.
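The spear-phishing lure described above relies on a message that merely looks like it came from a friend or colleague. The following Python is an added example, not code from the article or the McAfee report, showing one defensive check a mail gateway or triage script can run: compare the sender’s display name against a known address book and flag messages whose name matches a contact but whose actual address does not (including the trick of putting a colleague’s address in the display-name field). The contact list and the sample From headers are constructed for the example.

```python
"""Flag inbound mail where the display name impersonates a known contact.

Added example (not from the article or the report). The address book and
the From headers below are constructed test data.
"""
import re
from email.utils import parseaddr

# Constructed address book: normalized display name -> addresses that person really uses
KNOWN_CONTACTS = {
    "alice liu": {"alice.liu@example-corp.com"},
    "bob marsh": {"bob.marsh@example-corp.com", "bmarsh@example-corp.com"},
}

REDIRECT_LIKE_ADDR = re.compile(r"^[^@\s]+@[^@\s]+$")


def normalize_name(name: str) -> str:
    """Collapse whitespace and lower-case so 'Alice  Liu' and 'alice liu' match."""
    return re.sub(r"\s+", " ", name).strip().lower()


def check_sender(from_header: str, contacts=KNOWN_CONTACTS):
    """Classify a From header.

    Returns (verdict, detail) where verdict is one of:
      "ok"            - address is one the named contact really uses
      "spoofed-name"  - display name matches a contact, address does not
      "unknown"       - sender is not in the address book at all
      "unparseable"   - header could not be parsed into name/address
    """
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if not addr:
        return "unparseable", from_header

    key = normalize_name(name)
    all_known = set().union(*contacts.values())

    # Case 1: display name is a known person's name ("Alice Liu <...>")
    if key in contacts:
        if addr in contacts[key]:
            return "ok", addr
        return "spoofed-name", f"display name '{name}' but address {addr}"

    # Case 2: display name is itself a known address ('"alice.liu@example-corp.com" <other>')
    if REDIRECT_LIKE_ADDR.match(key) and key in all_known and key != addr:
        return "spoofed-name", f"display name carries known address {key}, real address {addr}"

    # Case 3: no name match, but the address itself is a known one
    if addr in all_known:
        return "ok", addr

    return "unknown", addr


def triage(messages):
    """Run check_sender over a batch of {"from": ..., "subject": ...} dicts."""
    return [(m["subject"], check_sender(m["from"])[0]) for m in messages]


if __name__ == "__main__":
    # Constructed sample messages
    sample = [
        {"from": "Alice Liu <alice.liu@example-corp.com>", "subject": "lunch?"},
        {"from": "Alice  Liu <alice.liu@example-mail.net>", "subject": "windsurfing photos"},
        {"from": '"alice.liu@example-corp.com" <pics@attacker.invalid>', "subject": "photos!"},
        {"from": "Carol Ng <carol@elsewhere.example>", "subject": "hello"},
    ]
    for subject, verdict in triage(sample):
        print(f"{verdict:13s} {subject}")
```

The check is deliberately narrow: it does not attempt to judge the link or the attachment, only whether the “from a friend” claim is consistent with what the organization already knows about that friend. Messages that come back `spoofed-name` are the ones worth routing to a human before anyone follows the link.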
“Companies of all sizes that have any involvement in national security or major global economic activities — even peripherally, such as a law firm advising a corporate conglomerate starting business in another country — should expect to come under pervasive and continuous APT attacks that go after email archives, document stores, intellectual property repositories, and other databases,” the report said.
Hand in hand with the advanced persistent threat will be the increasing use of social networking sites that publicly display personal information such as friends, relatives, and likes and dislikes, which can help cyber-spies craft spear-phishing messages.
Attacks have gravitated toward social networking sites such as Facebook and Twitter as the use of email diminishes in favor of these popular sites. Short URLs, which let users abbreviate web addresses too long to cut and paste into status-update boxes, are a particular concern because recipients cannot tell by looking at one whether it leads to a legitimate site.
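Because a short URL hides its destination, the practical defense is to expand it before anyone visits it. The Python below is an added example, not code from the article or the report: it follows a redirect chain with HEAD requests only (never fetching page bodies), stops on loops or overly long chains, and reports whether the final host is on a trusted list. The shortener hostnames, the redirect table and the trusted-host list are all constructed so the example runs offline; the `http_head_location` function shows how the same resolver would be wired to a real network.

```python
"""Expand a shortened URL and report where it really leads.

Added example (not from the article or the report). FAKE_WEB is a
constructed redirect table standing in for a URL shortener and a
look-alike photo site, so the code runs without network access.
"""
import http.client
from urllib.parse import urljoin, urlparse

MAX_HOPS = 10
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def http_head_location(url, timeout=5):
    """Real resolver: one HEAD request, returns (status, Location header or None)."""
    p = urlparse(url)
    conn_cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(p.netloc, timeout=timeout)
    try:
        path = (p.path or "/") + (("?" + p.query) if p.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def expand(url, head=http_head_location, max_hops=MAX_HOPS):
    """Follow redirects from url. Returns (chain, truncated).

    chain is every URL visited, first to last; truncated is True when the
    chain was cut off at max_hops (loop or unusually long redirect path).
    """
    chain = [url]
    for _ in range(max_hops):
        status, location = head(chain[-1])
        if status not in REDIRECT_STATUSES or not location:
            return chain, False
        # Location may be relative; resolve it against the URL that sent it
        chain.append(urljoin(chain[-1], location))
    return chain, True


# Constructed redirect table: short link -> tracker -> look-alike "photos" host
FAKE_WEB = {
    "https://sh.example/abc": (301, "https://t.example/r?x=1"),
    "https://t.example/r?x=1": (302, "https://photos.examp1e.net/album"),
    "https://photos.examp1e.net/album": (200, None),
    "https://sh.example/loop": (302, "https://sh.example/loop"),
}


def fake_head(url):
    """Offline stand-in for http_head_location, backed by FAKE_WEB."""
    return FAKE_WEB.get(url, (404, None))


def assess(url, trusted_hosts, head=fake_head):
    """Expand url and say whether its final host is trusted (exact or subdomain match)."""
    chain, truncated = expand(url, head=head)
    final_host = (urlparse(chain[-1]).hostname or "").lower()
    trusted = any(final_host == h or final_host.endswith("." + h) for h in trusted_hosts)
    return {"chain": chain, "final_host": final_host, "trusted": trusted, "truncated": truncated}


if __name__ == "__main__":
    trusted = {"example-corp.com"}  # constructed allowlist
    for short in ("https://sh.example/abc", "https://sh.example/loop"):
        r = assess(short, trusted)
        print(short, "->", r["final_host"], "trusted" if r["trusted"] else "UNTRUSTED",
              "(chain cut off)" if r["truncated"] else "")
```

Using HEAD rather than GET keeps the expansion from executing whatever the landing page serves, and recording the whole chain (not just the last hop) preserves the tracker and shortener hops that are useful later in an investigation.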
Dmitri Alperovitch, one of the report’s co-authors, said social networking sites can be used in two ways. They can be compromised and used to launch an attack on a person connected to a company of interest to hackers. And they can also be used to conduct research. A cyber-spy can find out the names of friends of his target, discover the target’s interests — windsurfing for example — and then craft a message sent through instant messaging, email, or social networking sites that appears to come from a friend who has windsurfing pictures.
“Social media connections will eventually replace email as the primary vector for distributing malicious code and links,” the report said.
The coming year will see increased attacks on both mobile devices and Apple operating systems, the report also predicted. It acknowledged that past predictions of increased vulnerabilities in smartphones and similar devices have not come to pass, but 2011 will be a “turning point for threats to mobile devices,” the report said.
As for Apple, the days when cyber-criminals and spies bypassed its software in favor of the more popular Windows systems have come and gone. The popularity of the iPad and iPhone in business applications makes them another conduit for spies to gain access to defense firms and for their users to unwittingly pass around malicious code.
Company employees are increasingly coming to their IT departments and asking them to connect iPhones and other popular devices to their organizations’ networks, Alperovitch said. IT departments must take care to ensure the devices have proper encryption and that their data can be destroyed remotely if a device is lost or stolen, he added.
Applications that are rushed to market for mobile devices pose another risk, the report said. The lab has already seen poorly developed “apps” released with security flaws.
It “expects to see increasing numbers of both suspicious and malicious apps for the most widely deployed mobile platforms and operating systems,” the report said.