US businesses at risk of state-run cyberattacks

Are political tensions between the US and both China and Iran posing a cybersecurity threat to businesses in the States?
19 February 2019


Businesses and government agencies in the United States could be at risk of cyberattacks from Chinese and Iranian agents, according to a report by the New York Times.

Security experts say President Trump’s withdrawal from the Iran nuclear deal last year and trade conflicts with China form the backdrop to the alleged escalation in attacks.

Companies like Boeing, General Electric Aviation and T-Mobile were among the recent targets of “industrial-espionage” efforts, according to a summary of an intelligence briefing that was obtained by the NYT.

Aerospace company Airbus was also a victim of Chinese hackers, but the company has been cagey about the attack and its significance in terms of how its strategic assets and proprietary information were affected.

Iranian attacks also focused on American banks, businesses and government agencies, with dozens of corporations and multiple United States agencies reportedly targeted.

The attacks coincided with a renewed Chinese offensive geared towards stealing trade and military secrets from the US and, according to security researchers and data protection lawyers, could be in support of Beijing’s five-year economic plan to make the country a leader in artificial intelligence (AI) and other key technologies.

Adam Segal, the director of the cyberspace program at the Council on Foreign Relations, said as much, citing the belief of experts that China’s Ministry of State Security (MSS) is now behind most of the attacks.

Hackers are becoming adept at covering their tracks, added Segal, breaking into the networks of targets’ suppliers and avoiding use of malware commonly attributed to China. Instead, they rely on encrypting traffic, erasing server logs and other muddying tactics.

Priscilla Moriuchi, a former member of the National Security Agency’s East Asia and Pacific Cyber Threats division, told the Times, “these groups care about attribution, they don’t want to get caught.”

According to Moriuchi, attacks by the MSS have targeted internet service providers in Western Europe and the United States, including the recent attack on Oslo-based Visma, in an assault that began with stolen credentials from a third-party software service, Citrix.

Attackers then used Dark Web malware to infiltrate the networks and used online storage services like Dropbox to move stolen emails and files.

According to FireEye researchers, Iranian hackers have meanwhile been going after the internet’s core routing system, intercepting their targets’ customer web traffic.

Using stolen login credentials, they then gain access to the victim’s emails. “They’re taking whole mailboxes of data,” said Benjamin Read, a senior manager of cyber espionage analysis at FireEye.

For SMEs and those overseeing their IT systems, the attacks highlight the need for companies to rethink their disaster recovery protocols and overall security paradigms to counteract attacks.

Speaking to TechHQ, Israel Barak, chief information security officer at Cybereason, said that nations and corporations need to change their mindset immediately and start becoming proactive in their defense.

“It is no longer a game of walls, but a game of data, and controlling your data is the key to staying out of the hacking headlines,” he said.

Barak says that through threat hunting, nations and corporations can control the cyber battlefield and stop hackers in their tracks: “Control your data and you can control your future.”

In the continued trading of blows between Beijing and Washington, Chinese technology company Huawei yesterday (February 19) accused the US of attempts to hamper its advancement and global leadership with technologies such as 5G.

Speaking on the arrest of his daughter and the company’s chief financial officer, as well as the States’ pursuit of criminal charges relating to bank fraud, money laundering and industrial espionage against himself and the company, Huawei’s founder Ren Zhengfei said the actions were politically motivated.

“There’s no way the US can crush us,” he told the BBC. “The world cannot leave us because we are more advanced. Even if they persuade more countries not to use us temporarily, we can always scale things down a bit.”