What is cyber espionage?
Let’s Define Cyber Espionage
Espionage, according to Merriam-Webster, is “the practice of spying or using spies to obtain information about the plans and activities especially of a foreign government or a competing company.”
Cyber espionage (cyberespionage) is a form of cyber attack that is carried out against a competitive company or government entity. The goal of cyber espionage, which may also be referred to as cyber spying, is to provide the attacker with information that gives them advantages over competing companies or governments.
Cyber espionage does not have to be sophisticated, but it can involve complex tactics and long, patient breaches of a target’s network. Common methods of cyber espionage include advanced persistent threats (APT), social engineering, malware attacks, and spear phishing. The cyber espionage threat landscape is constantly evolving as attacks become more sophisticated.
Cyber Espionage Is Global – and Taking Warfare to a New Level
Headlines about cyber espionage usually focus on China, Russia, North Korea, and the United States, whether as the attacking state or the victim of attack. However, the UK’s Government Code and Cipher School (GCCS) estimates that there are 34 separate nations that have serious, well-funded cyber espionage teams.
These state-based threat actor teams are composed of computer programmers, engineers, and scientists who form military and intelligence agency hacking clusters. They have tremendous financial backing and unlimited technological resources that help them evolve their techniques rapidly.
What is the difference between cyberwarfare and cyber espionage?
The terms cyber espionage and cyberwarfare are similar, but they are not the same. The biggest difference is that the primary goal of a cyberwarfare attack is to disrupt the activities of a nation-state, while the primary goal of a cyberespionage attack is for the attacker to remain hidden for as long as possible in order to gather intelligence.
Even though cyber espionage and cyberwarfare are two distinct concepts, they are often used together. For example, cyber espionage can be used to build intelligence that will help a nation-state prepare for declaring a physical or cyberwar.
What are cyber espionage targets?
Any government or large corporation can be targeted for a cyber espionage attack. Some of the most commonly targeted countries include the United States, South Korea, Japan, Russia, China and the United Kingdom. According to the U.S. Department of Homeland Security, some of the nations that are best prepared to deal with cyber attacks include — but are not limited to — Canada, the United States, Brazil and Germany.

Cyber spies most commonly attempt to access the following assets:
- Research & Development data and activity
- Academic research data
- IP, such as product formulas or blueprints
- Salaries, bonus structures and other sensitive information regarding organizational finances and expenditures
- Client or customer lists and payment structures
- Business goals, strategic plans and marketing tactics
- Political strategies, affiliations and communications
- Military intelligence
How can you prevent cyber espionage and protect data?
Although not every company has to worry about being targeted by nation-state hackers, cyber espionage can still be committed by individuals in rival companies, so it is a good idea to keep security top of mind. To protect data and prevent cyber espionage, an organization can:
- Identify the techniques used in cyber espionage attacks. This can give an organization a good baseline for what to protect.
- Monitor systems for unexpected behaviours. Security monitoring tools can help detect suspicious activity or prevent it from occurring.
- Ensure critical infrastructure is protected and updated.
- Enact data policies, including who has access to what information. This will help ensure only those who need access to critical information can gain access.
- Make sure there are no vulnerabilities in a system and that any third-party software in use is secured and well protected against cyber attacks.
- Create a cybersecurity policy that addresses security procedures and risks.
- Establish an incident response. If an attack is detected, an organization should be able to quickly respond to minimize damage.
- Educate employees about security policies, including how to avoid opening suspicious-looking emails with links or document attachments.
- Ensure passwords are changed periodically.
- For organizations that make use of bring your own device (BYOD), monitor what data can be stored on individual mobile devices.
Examples of cyber espionage attacks
In 2020, U.S. organizations and government agencies were targeted by a nation-state attack. A backdoor was discovered in a widely used IT management product from SolarWinds.
FireEye, one of SolarWinds’ 300,000 customers, disclosed that the nation-state attack it suffered was the result of a massive supply chain attack on SolarWinds. Access was gained to the intended victims through infected updates to SolarWinds’ Orion IT monitoring and management software. Up to 18,000 of SolarWinds’ customers were left vulnerable, along with various U.S. government agencies. Media outlets have reported that APT29, a Russian state-sponsored hacking group also known as Cozy Bear, was behind the SolarWinds attack.
Cozy Bear attacked the Norwegian Police Security Service in 2017 by attempting to spear phish the emails of nine members in the Ministry of Defense, Ministry of Foreign Affairs and the Labor Party.
Cozy Bear and another group, Fancy Bear, made multiple attempts to hack into Dutch ministries and the Ministry of General Affairs that same year. The attack tried to obtain sensitive information concerning government documents.
North Korea has been involved in a number of cyber espionage attacks that have targeted countries such as South Korea, Japan and Vietnam.
North Korea is responsible for a state-sponsored hack of Sony Pictures in 2014. The Sony hack was conducted using malware and a Server Message Block worm tool. U.S. investigators believe the culprits who carried out this economic espionage took two months to copy critical files and targeted Sony as a trial run for future political cyber espionage.