State-sponsored Cybercrime a Growing Threat to Business
One government spying on another? That’s expected. But state-sponsored attacks on corporations are an altogether different story.
Corporate CISOs need to be concerned. Attacks from both skilled individuals and governments are increasingly focused on private enterprises. New methods are being introduced, as well.
The global nature of business makes the Web an attractive means for new forms of international hacks, thefts and other cybercrimes. Here are three recent examples of foreign attacks on private businesses:
A Russian fashion web site delivered a new form of malware uncovered by researchers. When a visitor clicks on a malicious ad, their computer receives a payload for a click-fraud campaign. The user is redirected, via several intermediary sites, to a site hosting an exploit kit. The kit, in turn, downloads malware directly onto the user’s computer, turning it into part of a botnet that can be used for future crimes.
This malware cleverly evades traditional antivirus software by using multiple layers of obfuscation. Researchers found that even when it runs into anti-fraud networks, their protection is ineffective.
China versus GitHub
The attack is essentially a DDoS attack. Analytics and advertising traffic destined for Baidu seems to be getting hijacked and redirected to GitHub. The latter was apparently targeted because it hosts pages that enable Chinese users to view sites blocked by the Chinese government. One such site is GreatFire.org—a nonprofit site that runs mirrored versions of censored sites such as the Chinese-language version of the New York Times.
GitHub is offering tools for getting around the Chinese government’s censors. Researchers at the University of Toronto's Citizen Lab have released a report about a Chinese cyber weapon they've dubbed "The Great Cannon," which appears to be the source of the attacks.
Islamic State Exploits WordPress
Sympathizers of the Islamic State are now exploiting key vulnerabilities in the popular WordPress program. An FBI alert says the attacks have so far been fairly low-level — mostly defacement of websites. But these attacks can be disruptive, causing lost revenue and extra costs.
The attacks arrive through vulnerabilities in WordPress’s content-management system, which is used by thousands of companies. Patches are coming, but in the meantime attackers can use these vulnerabilities to gain unauthorized access, bypass security barriers, inject scripts and steal cookies, the FBI warns.
WordPress attackers could also install malware, manipulate data, and create new accounts for future attacks.
State-sponsored attacks from Russia, China and the Mideast may seem distant, but they’re not. In fact, the next digital battleground could be on the network you run.