If 90s hacker movies taught us anything it’s that hackers are benevolent human beings looking not to corporate espionage but solely for freedom of information. But — the 90s are over.
According to a new study (PDF) by security firm McAfee, hackers have resurfaced and are hacking into corporate networks to steal corporate information –private information that has been called the new Cybercrime currency. The “Underground Economies” report from McAfee stated that in 2010 attacks were focused mainly on industrial espionage and came primarily from the Stuxnet virus. The large majority of the 2011 attacks however, dubbed the Night Dragon attacks (which began in 2009), were focused on major oil companies. These multi-pronged attacks are well coordinated and aimed at stealing sensitive corporate information.
The new wave of corporate thievery by hackers is aimed at trade secrets, marketing plans, R&D reports and source code. Raj Samani, CTO for the European arm of McAfee says that “Cyber criminals are targeting this information based on what their clients are asking for.” The difficulty of this new wave of attacks is that corporations do not know when their information has been stolen.
This new stream of attacks has brought forward questions of security with the new biggest IT trends — cloud computing and smartphones. The study from McAfee urges companies to have a solid understanding of who has access to their information and how secure the data is when using cloud computing. Companies are also warned to be concerned with what security is in place on cell phones and smartphones, which contain sensitive corporate information on a vulnerable platform.
While hackers have been hijacking systems for years with viruses and Trojans looking for logins and credit card information, these new attacks are based on simple hacking source code that is readily available in the underground hacking realms. The code being used is simple yet effective, and scarily is easy to find.
Greg Day, Director of Security for McAfee says that although the technology is built around simple tools and code that are widely available in the underground that does not underscore its effectiveness.
The Director of Security at Trend Micro, Rik Ferguson, confirms the information in the survey saying that the Stuxnet attacks were by no means isolated incidents as hackers continue to target petroleum companies. “The intrusions were multi-staged, multi-vector, pervasive and sustained,” Ferguson said.
The multi-pronged attacks begin with compromising the external server which is used to open access to the company’s internal network. Tools are then deployed to find usernames and passwords, which they use to dig deeper into the network. After the hackers disable the internet network settings to gain outside access to the internal network they begin to pilfer information. This information according to McAfee is “tremendously sensitive and would be worth a huge amount of money to competitors.”
McAfee found in their study that there is a large market for this new cybercrime currency — and hacking campaigns were stealing specific types of information from targeted companies and verticals.
Many Internet Security experts are suspecting that this new form of corporate espionage may be coming from China and they could be directed attacks, Stuxnet for example was directed primarily at Iran. While the information is circumstantial, Day believes that it is unclear if the Night Dragon attacks were state-sponsored by China. One hacker that was pursued by McAfee was determined to be based in China, but they cannot confirm or deny if the individual was state-sponsored.