Anatomy of a Chinese Cyber Attack

Cyber Attack — How the Chinese do it…

A Chinese cyber attack (a Stuxnet-style attack) frequently makes its first entry into a company’s secure network via a technique called “spear-phishing.” This approach uses an email sent to a specific individual that appears on the surface to be genuine and frequently seems to originate from inside the organization, but it does not: it has been spoofed. That email will usually contain a link that appears innocent but in reality loads the Chinese malware that enables the break-in.
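As an added example (not part of the original article), the following Python script shows how a defender can check a message for the two signs described above: an internal-looking From address that the receiving mail server could not authenticate, and a link whose displayed URL differs from its real target. The internal domain, the sample headers and every hostname in it are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example-corp.test"  # assumed internal mail domain (placeholder)
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample: the sender looks internal, but the receiving mail server
# logged an SPF failure, and the link's visible text hides its real target.
SAMPLE_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example-corp.test>
Subject: Updated design documents - action required
Authentication-Results: mx.example-corp.test; spf=fail smtp.mailfrom=attacker-mail.test; dkim=none
Content-Type: text/html

<p>Please review the updated design documents:</p>
<a href="http://portal.attacker-mail.test/docs">https://intranet.example-corp.test/designs</a>
"""

def extract_links(html):
    """Return (href, visible text) pairs; a simple regex is enough for this demo."""
    return [(h, re.sub(r"<[^>]+>", "", t).strip()) for h, t in LINK_RE.findall(html)]

def analyze_email(raw):
    """Return the spoofing indicators found in one raw message (empty list = none)."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    auth = msg.get("Authentication-Results", "").lower()
    # An internal-looking From address that the mail server could not authenticate
    # is the spoofed "seems to originate from inside" message described above.
    if sender.endswith("@" + INTERNAL_DOMAIN) and "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("internal-looking sender %s without passing SPF/DKIM" % sender)
    html = "".join(p.get_payload() for p in msg.walk() if p.get_content_type() == "text/html")
    # A link whose displayed URL names one host while its href points at another
    # is the innocent-looking link that really loads the malware.
    for href, text in extract_links(html):
        shown, real = urlparse(text).hostname, urlparse(href).hostname
        if shown and real and shown != real:
            findings.append("link shows %s but points to %s" % (shown, real))
    return findings

if __name__ == "__main__":
    for finding in analyze_email(SAMPLE_EMAIL):
        print("SUSPICIOUS:", finding)
```

The Authentication-Results header is written by your own receiving mail server, so the check only has value when that server performs SPF/DKIM verification and strips any such header supplied by the sender.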


Once the malware is inside a company’s network, the Chinese hackers can access computers, databases and data files by sending additional malware that retrieves intellectual property over time. This is the Chinese cyber attack footprint.

This malware is very difficult to detect, but the malware’s actions can be detected with proper monitoring. Although the necessary tools to combat Chinese hacking are still not available to the general public, there are steps a company can take.

The steps are:

  • First, conduct an inventory of critical information that resides on your network and linked computers, including anything that could help a competitor. This includes trade secrets, supply-chain data, manufacturing data, customer information, materials lists or anything else that could hurt you even if it’s incomplete.
  • Second, once you have inventoried what’s out there on your network, you need to protect it. This may include encrypting data and designs that must be available on a routine basis, limiting access to those who must use the data and then tracking their use. It may even include removing data from the network if loss of the information could be damaging to your company and that information does not need to be accessed frequently.

This is not to say that even these steps are perfect. After all, a Stuxnet-style attack can still get to even well-protected information, but they do reduce the risk. Meanwhile, it may be time to consider an up-to-date next-generation firewall that is smart enough to see when specific types of data are moving out of the company network and to prevent it. Of course, even next-generation firewalls can (and will) be subverted, but it is hard to do, and if hackers are looking for targets of opportunity, such protection may encourage them to move on to easier targets.

Author: Victor Janulaitis

M. Victor Janulaitis is the CEO of Janco Associates. He has taught at the USC Graduate School of Business and has been a guest lecturer at UCLA's Anderson School of Business, at a graduate school at Harvard University, and at several other universities in various programs.