What is Cyber Espionage?

When you think of espionage, characters like James Bond might come to mind: travelling halfway around the world, pretending to be someone they’re not, infiltrating organizations and stealing secrets. Even though James Bond is just a fictional character, old-school spies like that do exist. However, as more and more of our data becomes digitized, we’re quickly being introduced to the new-school version of spies: cyber spies.

New-school espionage greatly simplifies the spying process. Companies and institutions store an almost overabundant amount of data in their systems. Instead of having to go through the hassle of creating a new persona and globe-trotting, cyber spies need to go no further than their computer desk.

 

The Rise of Cyber Espionage in 2014

Symantec’s Internet Security Threat Report (ISTR), Volume 20, revealed two highly versatile forms of malware believed to be used in espionage: Regin and Turla. Regin, one of the most sophisticated pieces of malware seen to date, had the abilities of a chameleon: it provided attackers with tools like remote access, screenshot capture, information stealing, network snooping, and deleted file recovery. In the case of Turla, attackers used spear-phishing and watering hole tactics to target the governments and embassies of former Eastern Bloc countries. Turla gave attackers remote access to infected computers, allowing them to steal files, delete files, connect to servers, and a host of other things.

Who Performs Cyber Espionage?

The ISTR also highlighted a few prominent attack groups: Equation Group and Hidden Lynx. In addition to attack groups, state actors who are acting on behalf of a governmental body, patriotic hackers, hacktivists, scammers, and data thieves can all be involved in cyber espionage. Some attackers are out to steal intellectual property in order to sabotage businesses, others are going after sensitive government data, and some will even go as far as attacking industrial systems such as energy grids and petroleum lines.

How is it Done?

Cyber espionage is a very complex process; it’s not just the act of dumping malware onto a computer and having a free-for-all. It is more of a sophisticated campaign in which the attackers have chosen their target and the type of information they’re looking to steal, or they may just be looking to cause damage. Sometimes, infiltration is not as easy as exploiting a zero-day software vulnerability in order to gain access to an organization’s network. If attackers can’t find a software vulnerability within the network of an organization, they will look to an individual working within the organization. Sometimes these attacks require the human element of social engineering in order to succeed, such as phishing campaigns.

When attackers are targeting a person, they will do research on their subject by searching for details about them online, looking for social media sites, blogs, or anything that will give an attacker insight into their victim’s interests. They can then use that information to tailor a specific phishing campaign that is relevant to the target, in hopes of gaining their attention. Once the attacker has the attention of the victim, all it takes is opening the email, clicking on malicious links or downloading malicious software. Once the victim completes that task, the malware will then be installed onto the victim’s computer, allowing the attackers access to the network, where they can then carry out their mission of espionage.

In 2014, there was an 8 percent increase in targeted attacks via spear-phishing campaigns. Spear-phishing attacks were less spam-like, with fewer high-volume recipients due to targeting of specific individuals. As a result of these findings, there is a strong need to educate employees within organizations about best practices when using the Internet.

 

How Can I Keep My Company and My Information Safe?

  • Protect your passwords.
    If a cybercriminal gets a hold of your email address or username for an account you hold, they can use special tools to try and “crack” your password. Strengthen your password by ensuring that it is a strong one. Be sure to use a combination of uppercase and lowercase letters, symbols and numbers, omit words found in the dictionary, and certainly don’t use any personal information to make up the password. Also, don’t reuse the same password on multiple sites. Try to use two-factor authentication when available.
     
  • Don’t fall for phishing.
    Educate yourself on the perils of phishing attacks. Know what to be on the lookout for, how to identify spoofed emails
     
  • Secure your software.
    Always install software updates as soon as they are available for all of the programs you use. Leaving programs outdated can leave holes that attackers can sneak malware through.
     
  • Shield your social media accounts.
    As mentioned previously, attackers will do research on their targets, so make sure your social media accounts’ privacy settings are in check. Don’t allow any personally identifiable information to be viewable to the public, and be leery of people you don’t know who contact you.