Should You Worry About State-Sponsored Cybercrime?
If there’s one thing the recent cyberattacks that compromised government personnel data should have taught us, it’s that state-sponsored cybercrime is far more than just a bogeyman story made up to frighten IT professionals. In one recent example, Chinese hackers are thought to have stolen government data relating to background checks on 21.5 million people – exactly the kind of thing a federal agency wouldn’t want falling into the hands of a foreign power.
And, of course, there was the Sony hack of November 2014, for which North Korea has almost universally been blamed. Rarely, if ever, has a cyber attack had such a clear ideological motivation.
However, if you’re not a federal agency responsible for national security, or about to release a movie that directly insults heads of state, you may still be under the impression that state-sponsored cybercrime isn’t something you have to worry about. Surely the majority of US businesses don’t hold data that would be of value to China, Russia and North Korea, right? Surely you only have to protect against opportunistic thieves and disgruntled employees?
Unfortunately, the evidence points in another direction entirely.
One of the best-documented cases of state-sponsored cybercrime is the activity of Unit 61398 of the People’s Liberation Army, which was detailed in a report from Mandiant back in 2013 and ultimately led to the US indictment of five individuals the following year.
Considered at the time to be the world’s most prolific advanced persistent threat, the group appears to have engaged – and may still engage – not in gathering state secrets, but in profit-motivated industrial espionage.
Known targets have included Westinghouse, SolarWorld, US Steel and Alcoa, with the hackers stealing business intelligence, intellectual property, documents on trade disputes – anything that might allow them to undermine US businesses’ competitiveness on the global market.
The Risk to Critical Infrastructure
Another important hacking target for state actors is critical infrastructure. Earlier this year, a study from the Organization of American States and Trend Micro found almost half (44 percent) of critical infrastructure suppliers in North and South America have experienced cyber attacks in which hackers attempted not to steal data, but to destroy it – presumably efforts to disrupt services essential to the very fabric of society.
It may be only a matter of time before we see a major state-sponsored cyber attack on an electricity, water or gas company here in the States, potentially with devastating consequences. According to a recent report from the UK insurance market Lloyd’s, if hackers were to shut down enough of the US power grid to plunge 15 states and Washington DC into darkness, it could cost the country’s economy as much as $1 trillion – not to mention cause mortality rates to rise, international trade to decline, and transport networks to collapse.
Attacks in Other Industries
Even then, this only covers a fraction of the industries that may well be targeted – if they haven’t been already – by state-sponsored cybercrime. It’s been suggested that the cyberattacks on government data were carried out by the same group that had previously stolen data from the health insurers Anthem and Premera Blue Cross, and that would later target United Airlines.
Why would a single entity go after such a wide range of organizations? According to some, it’s because China isn’t just interested in gathering discrete items of intelligence, but in building a massive database of US officials and government contractors that can be cross-referenced: their clearance, their movements, their medical records. And they’re willing to attack almost anyone to do it.
Speaking to Bloomberg, Rosita Dellios of Australia’s Bond University commented: “Usually in cyber strategy, it is critical infrastructure like energy grids, transportation, and satellites that are mentioned.
“Here we have a whole class of people crucial to US security being targeted.”
Could your business be the next to fall to a state actor? Or have you taken the steps necessary to defend your data against even the most sophisticated forms of cybercrime?