4 factors for avoiding cyber espionage attacks

Malware continues to change at a rapid pace, as evidenced by new types of high-tech, military-grade malicious code grabbing headlines such as Stuxnet, Duqu and Flame.

Another category raising its ugly head is the malware developed specifically for industrial espionage, like ACAD/Medre.A, which we will be seeing more and more of in the future. Why these sudden spikes in the news? This isn't something new; these kinds of situations have happened before. But since people in general are becoming more security-aware due to the ongoing stream of information and related coverage in the media about state-sponsored malware, these anomalies are now noticed on a more regular basis and as a result of being detected more often.


You are most likely asking yourself: "What can I do to protect my company against these targeted attacks?"

First off, targeted attacks are usually invisible to current security measures and undetectable by even the most up-to-date anti-malware solutions. This is, of course, not a reason to stop using anti-malware software, as it continues to be a line of defense that can still help you identify and remove threats. Anti-malware software is also getting smarter, and newer versions may be able to detect such threats purely through behavioral detection; even if they don't, once the signature database is updated with entries covering the threat, you may suddenly find that your network has been affected. Even though the system was compromised and data may have been leaking, at least you now know you have a problem, and you can start a proper damage assessment and begin remediation.

More often than not, these attacks are built with information from the inside, which gives the attackers a smoother point of entry into your environment. So, to protect your company and its assets as well as possible against espionage attacks aimed at stealing your intellectual property, you will have to take additional actions and precautions.

1. Data Policy: Look at who is allowed access to critical information. In many cases the data holding the intellectual property is readily available on the network and easily accessible to many people.

2. Bring Your Own Device (BYOD): an entire topic by itself. BYOD may seem like an inexpensive solution, but in the end it may cause more problems than it is worth. You do not know where the device has been, what kinds of software have been installed on it, whether copied material has been downloaded to it, etc. If you do support BYOD, at the very least you need to enforce that management/maintenance software is installed. Also make sure that some kind of Device Control Mechanism is in place to safeguard against data leakage. Not only can it restrict which (USB) devices may be inserted, it will also encrypt the data. When the data is later used on another system inside the company's environment, it will automatically be decrypted, and thus usable; but when copied to a system that does not have the Device Control Mechanism installed, it will be useless.

3. Protect your critical infrastructure: separate the network holding the intellectual property from the corporate network and only allow access to it to individuals who need it. But you will have to go further than that. Decide and document who is allowed to work on that network and who may have physical access to the locations from which it can be reached. Even if you have security clearance screening for employees who can access these areas, are you sure external companies do the same (e.g. the employees of the company cleaning the office)? Or the technician from the specialized hardware company you hired, who comes from the supplier to perform maintenance? And how about the laptop he connects to the hardware to monitor that it is in proper working order (getting back to BYOD)?

4. Monitor for unexpected behavior. This is by far the most difficult one, as you never know what to look for. In a recent case (ACAD/Medre.A) where industrial espionage is suspected, the malware was sending copies of blueprints via SMTP to an email address in China. There is no reason for ANY code to have mail-sending capabilities other than to the corporate Mail Transfer Agent. With the correct firewall settings (and an alerting system), the transmissions should have been noticed and prevented. Given the tens of thousands of leaked blueprints, we can safely assume that basic monitoring measures are not in place in many organizations. In other situations, frequent connections on unusual ports to a single (or a small set of) IP address(es) may again indicate something is wrong.
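As an added example that is not from the article, the two checks described in point 4 written as detection logic over constructed firewall connection records; the corporate MTA address, the list of expected ports and the alert threshold are assumptions made for the example.

```python
from collections import Counter

# Assumption: the only host that should speak SMTP outbound is the
# corporate Mail Transfer Agent (constructed address).
CORPORATE_MTA = "10.0.0.25"
# Ports considered normal for outbound client traffic (assumption).
EXPECTED_PORTS = {80, 443, 53}
# Connections to the same destination on an unusual port before alerting.
BEACON_THRESHOLD = 5

# Constructed sample log: "timestamp src_ip dst_ip dst_port proto".
SAMPLE_LOG = """\
2012-06-21T09:00:01 10.0.0.25 203.0.113.10 25 tcp
2012-06-21T09:00:05 10.0.1.42 198.51.100.7 25 tcp
2012-06-21T09:00:09 10.0.1.42 198.51.100.7 25 tcp
2012-06-21T09:01:00 10.0.1.17 192.0.2.5 443 tcp
2012-06-21T09:01:10 10.0.1.99 192.0.2.200 4444 tcp
2012-06-21T09:02:10 10.0.1.99 192.0.2.200 4444 tcp
2012-06-21T09:03:10 10.0.1.99 192.0.2.200 4444 tcp
2012-06-21T09:04:10 10.0.1.99 192.0.2.200 4444 tcp
2012-06-21T09:05:10 10.0.1.99 192.0.2.200 4444 tcp
2012-06-21T09:06:00 10.0.1.17 192.0.2.5 80 tcp
"""

def parse(line):
    """Split one whitespace-separated log line into a record dict."""
    ts, src, dst, port, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "proto": proto}

def find_rogue_smtp(records):
    """Rule 1: internal hosts other than the MTA sending SMTP (TCP/25)."""
    return sorted({r["src"] for r in records
                   if r["port"] == 25 and r["src"] != CORPORATE_MTA})

def find_beacons(records, threshold=BEACON_THRESHOLD):
    """Rule 2: (src, dst) pairs with repeated connections on unusual ports."""
    counts = Counter((r["src"], r["dst"]) for r in records
                     if r["port"] not in EXPECTED_PORTS)
    return {pair: n for pair, n in counts.items() if n >= threshold}

def analyse(log_text):
    """Run both rules over a log and return the findings."""
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    return {"rogue_smtp": find_rogue_smtp(records), "beacons": find_beacons(records)}

if __name__ == "__main__":
    for rule, hits in analyse(SAMPLE_LOG).items():
        print(rule, hits)
```

Both rules are only as good as the firewall's logging of outbound connections, which is exactly the basic monitoring the article says is often missing.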


There is no real manual on how to protect yourself from targeted attacks trying to steal your intellectual property. And where these attacks are small-scale, they may go unnoticed for a long period of time, or go completely undetected. Staying educated, visiting your favorite security vendors' websites, reading how new threats work and making sure you keep protecting yourself against them is a must if you want to stay properly protected and have all the proper measures in place to keep your intellectual property out of the hands of hackers.

Righard Zwienenberg is a 24 year veteran in the anti-malware industry and a Senior Research Fellow at ESET.
