State-sponsored Cybercrime a Growing Threat to Business

One government spying on another? That’s expected. But state-sponsored attacks on corporations are an altogether different story.

Corporate CISOs need to be concerned. Attacks from both skilled individuals and governments are increasingly focused on private enterprises. New methods are being introduced, as well.

The global nature of business makes the Web an attractive means for new forms of international hacks, thefts and other cybercrimes. Here are three recent examples of foreign attacks on private businesses:

Russian Malvertising

A Russian fashion web site delivered a new form of malware uncovered by researchers. When a visitor clicks on a malicious ad, their computer receives a payload for a click-fraud campaign. The user is redirected, via several intermediary sites, to a site hosting an exploit kit. The kit, in turn, downloads malware directly onto the user’s computer, turning it into part of a botnet that can be used for future crimes.

This malware evades traditional antivirus software through the use of multiple-layer obfuscation. Researchers found that even the protection offered by anti-fraud networks was ineffective against it.

China versus GitHub

China has been suspected of attacking GitHub, an open-source code repository used by many application developers. The attacks use a “man in the middle” scheme to intercept Web requests coming into Baidu — China’s leading search engine — from other countries. The scheme then replaces the content with JavaScript code that attacks GitHub.

The attack is essentially a DDoS attack. Analytics and advertising traffic destined for Baidu seems to be getting hijacked and redirected to GitHub. The latter was apparently targeted because it hosts pages that enable Chinese users to view sites blocked by the Chinese government. One such site is—a nonprofit site that runs mirrored versions of censored sites such as the Chinese-language version of the New York Times.

GitHub is offering tools for getting around the Chinese government’s censors. Researchers at the University of Toronto's Citizen Lab have released a report about a Chinese cyber weapon they've dubbed "The Great Cannon," which appears to be the source of the attacks.

Islamic State Exploits WordPress

Sympathizers of the Islamic State are now exploiting key vulnerabilities in the popular WordPress program. An FBI alert says the attacks have so far been fairly low-level — mostly defacement of websites. But these attacks can be disruptive, causing lost revenue and extra costs.

The attacks arrive through vulnerabilities in WordPress’s content-management system, which is used by thousands of companies. Patches are coming, but in the meantime attackers can use these vulnerabilities to gain unauthorized access, bypass security barriers, inject scripts and steal cookies, the FBI warns.

WordPress attackers could also install malware, manipulate data, and create new accounts for future attacks.

State-sponsored attacks from Russia, China and the Mideast may seem distant, but they’re not. In fact, the next digital battleground could be on the network you run.

About Craig D' Abreo

VP, Security Operations, Masergy
Craig oversees the Managed Security, Threat Intelligence and Security Professional Services departments at Masergy. He is responsible for Masergy’s proactive enterprise cybersecurity threat management and operations program. Craig holds a bachelor’s degree in Computer Science and an MBA in Information Security. He is a Certified Information Systems Security Professional (CISSP) with over a decade of experience in the security industry and holds various network security certifications. He has written on various security blogs, spoken on a range of industry panels and is a recognized thought leader in the cybersecurity space.