The global economy may now be teetering on the verge of collapse, largely because cyberespionage issues that were either ignored or quietly swept under the rug are now starting to have a major impact on a larger debate over fair trade.
This week the United States formally indicted two hackers allegedly based in China for compromising the integrity of unidentified managed service providers (MSPs) that had offices in the New York City area. The alleged hack involved a successful phishing attack that resulted in MSPs providing the cybercriminals with access to thousands of downstream customer networks. Other reports suggest that the attack outlined in the indictment is actually part of a larger pattern of attacks aimed at MSPs.
The specific attack vector outlined in the U.S. indictment involved sending Word documents from what appeared to be a trusted source that in fact were loaded with customized remote access trojans and keystroke loggers for stealing usernames and passwords. To avoid detection, the hackers created multiple domains to host their command and control systems for the remote access trojans. If a security filter identified a malicious domain and tried to block it, the cybercriminals simply changed the associated IP address. Frustratingly, cybersecurity professionals know this type of attack is not especially sophisticated. It happens all the time. Nor should it come as a surprise that MSPs would be the focus of such attacks. Industry warnings about exploits targeting MSPs were shared as early as last spring. The U.S. government issued a formal warning to MSPs last month.
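The IP-swapping behaviour described above is why a block keyed on an address goes stale while the domain stays live. The following added example, which is not part of the original post or the indictment, flags names in a resolver log whose answers move across several addresses within a time window and lists the clients that looked them up; the log format, host names, domains and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample resolver log: timestamp, client host, queried name, answer IP.
# Names use the reserved .example TLD; IPs are from documentation ranges.
SAMPLE_LOG = """\
2024-01-08T09:00:00 ws-014 mail.partner.example 192.0.2.10
2024-01-08T09:05:00 ws-022 cdn.rotating.example 198.51.100.7
2024-01-08T11:30:00 ws-022 cdn.rotating.example 203.0.113.44
2024-01-08T13:10:00 ws-031 cdn.rotating.example 203.0.113.91
2024-01-08T15:00:00 ws-014 mail.partner.example 192.0.2.10
2024-01-09T09:00:00 ws-040 portal.stable.example 192.0.2.55
2024-01-12T09:00:00 ws-040 portal.stable.example 192.0.2.56
"""

def parse_log(text):
    """Yield (timestamp, client, domain, ip) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than failing
        ts, client, domain, ip = parts
        yield datetime.fromisoformat(ts), client, domain.lower().rstrip("."), ip

def rotating_domains(records, window=timedelta(hours=24), min_ips=3):
    """Return {domain: {"ips": [...], "clients": [...]}} for names that resolved
    to at least min_ips distinct addresses inside any sliding window."""
    by_domain = defaultdict(list)
    for ts, client, domain, ip in records:
        by_domain[domain].append((ts, client, ip))
    flagged = {}
    for domain, events in by_domain.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({ip for _, _, ip in events[start:end + 1]}) >= min_ips:
                flagged[domain] = {
                    "ips": sorted({ip for _, _, ip in events}),
                    "clients": sorted({c for _, c, _ in events}),
                }
                break
    return flagged

if __name__ == "__main__":
    for name, info in rotating_domains(parse_log(SAMPLE_LOG)).items():
        print(name, info["ips"], info["clients"])
```

Content delivery networks and load-balanced services also rotate addresses, so a hit is a triage signal to review, not a verdict.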
What is noteworthy about the U.S. indictment is the coordinated statements issued by the governments of the United Kingdom, Australia, Canada, and New Zealand chiding China for continuing to engage in cyberespionage, a charge that the Chinese government rejects as being “arrogant and selfish.” Following the filing of the indictments of the Chinese nationals in the U.S., Denmark, Sweden, Finland, and Germany also expressed concerns about the scope of the cybercriminal activity allegedly emanating from China. All the governments involved so far are being careful to restrict allegations to specific individuals rather than to companies or countries, which could result in economic sanctions being imposed. By limiting the scope of the charges being leveled, countries are trying to prevent these latest rounds of allegations from exacerbating an already tense trade situation.
The truth is very few governments can say they have never engaged in cyberespionage. Right now, an attempt is being made to draw a subtle distinction between engaging in cyberespionage for economic gain and engaging in it for national security. That’s a distinction that may be lost on countries where the interests of the state and the private sector are closely intertwined. Whatever position any country prefers to stake out, the one thing that is clear is that cybersecurity is now a global economic issue. Less clear is to what degree countries are now engaging in a game of brinksmanship to force other countries to rein in cyberespionage activities that may have spun beyond their control.
Hopefully, cooler heads will soon prevail. Serious negotiations concerning the level of cyberespionage now occurring around the world are long overdue. But unless whatever agreements diplomats hammer out are effectively enforced, it is not outside the realm of possibility at this point that a worldwide recession may be in the offing for the want of robust cybersecurity defenses and, just as importantly, a little restraint.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.