South China Sea: another cyber skirmish to worry about

south china sea mapI seem to have chosen the wrong time to come back from Hong Kong. Just a fortnight after landing back in Blighty, the US raised the stakes between the two superpowers, and mortally offended China’s honour, by indicting five PLA soldiers on charges of hacking US firms for economic gain.

I’ve written enough about it here and here already, so I won’t go into the pros and cons of this high risk strategy again. Safe to say that Beijing already appears to be retaliating in the most effective way possible; by making things decidedly difficult for US tech firms in the Middle Kingdom. Already reports have emerged that Cisco and IBM could be in trouble.

Is a new Cold War about to begin?

Well, if it does, one company it might be worth keeping an eye on is threat intelligence firm Cyber Squared. The firm’s ThreatConnect Intelligence Research Team has an interesting and very thorough analysis of new APT-style cyber attack campaigns in the disputed South China Sea (SCS) region, as I wrote about here.

“What’s that got to do with us?” you might ask. Well, potentially quite a lot, according to Cyber Squared chief intelligence officer, Rich Barger.

“There is a risk of increased data loss for Western firms that routinely work with Vietnamese, Filipino, and other SCS region companies,” he told me. “Unit 61398/APT1 operates on the whim of the PRC, and cyber espionage has been adopted as the preeminent ‘low risk – high payoff’ medium for strategic intelligence collection.

“We typically see companies that are infrastructure related being targeted. Industries such as energy, oil & gas, mining, and transportation may find themselves directly or indirectly impacted.”

The message is loud and clear; if you have any military, economic or geopolitical stake in the SCS region, be aware that Chinese cyber operatives are increasing their activity.

“China has had a long standing national and regional interest within the South China Seas region,” explained Barger.

“It offers them a strategic economic advantage in terms of regional and global energy development and trade. From a military perspective, a strong Chinese presence within the SCS also counters the US pivot to South East Asia where China’s military modernisation, especially its navy, and regional assertiveness have come to an intersection.”

Barger argued that the various disparate groups at risk in the SCS need to start sharing information on attacks and “observing both the technical picture and the geo-political context”.

“It is important for those within these targeted industries to actively invest in threat intelligence processes as a standard business practice that supports internal information security operations,” he concluded.

“It is equally important that technical leaders effectively interpret and articulate regional threats and the context surrounding them to corporate business leaders.”


Cyber crime boss offers Ferrari to ’employee of the month’: truth or hoax?

ferrariI’m back in the UK for the time being and writing regular news for Infosecurity Magazine now so expect a fair spattering of off-cuts from this side of the globe for the coming year.

One of the first stories of note I covered was news, broken first by The Indy, that a cyber crime boss had released a video to the darknet offering up a Porsche or Ferrari to the cyber goon-for-hire who could come up with the most lucrative scam.

Now, if it’s true, the story is an interesting one in what it tells us, or confirms to us, about the economics of cyber crime.

Namely, that if the bad guys have this kind of money knocking about – to blow on a kind of bizarre “employee of the month” competition – then how can the police, government and even security vendors hope to attract and retain the best talent?

If nothing else, Rapid7 global security strategist Trey Ford told me by email, it shows the sheer professionalism of cyber gangs today and the vast scale of the underground economy.

“With every part of our lives revolving around increasingly connected technologies, the line between physical and virtual is gone, and the opportunities for attackers are immense,” he added.

“The general public needs to understand this is no longer a world of script kiddies and evil foreign governments, where the average person is unlikely to be a victim. Cyber crime is big business, and everyone is a potential target.”

It sounds obvious but it’s worth saying again, and stories like this at least raise these raise these problems in the public eye.

The other alternative, of course, is that it’s a hoax. Amichai Shulman, co-founder and CTO of Imperva, was not convinced by the story.

“I find it odd that criminal organisations resort to ‘advertising’ an ‘employee of the month’ program. I don’t think that we’ve seen this with recruiting skilled chemists for drug making and drug design or astute economists for money laundering schemes,” he argued. “This leads me to speculate that this is a hoax.”