China: One of the Biggest Threats in Cyber Warfare

China is one of the biggest threats to other countries when it comes to cyber hacking. China is both the world's second-largest economy and a nuclear weapons power with the world's second-largest defense budget, and there is no question that China's cyber warfare is the most aggressive worldwide. Western countries have long accused China of aggressive underground activities, and investigations have traced various attacks on corporate and infrastructure computer systems back to origins in China.

It is nearly impossible to know whether an attack is government-sponsored because of the difficulty of tracking true identities in cyberspace.

Why Is China Always Connected to Cyber Hacking?

Hackers from China, often with ties to the government, have been accused of breaking into gas, steel, and chemical companies. Not long ago, Chinese government-owned companies were charged with stealing the secret chemical make-up of the color white from DuPont. China developed its J-20 fighter, a plane similar to Lockheed Martin's F-22 Raptor, shortly after a Chinese national was charged with stealing technical data from Lockheed Martin, including the plans for the Raptor.

The federal accusations mostly offer a high-level view from there, but China's hackers followed a fairly standard playbook. Once they had established themselves on a computer, they would download more malware to escalate their privileges until they found what they were looking for: data. Chinese information operations and information warfare include the concept of network warfare, which is roughly analogous to the United States' concept of cyber warfare.

Foreign Policy provided an estimated range for the personnel of China's hacker army: anywhere from 50,000 to 100,000 individuals. Technology theft and other unfair business practices originating from China cost the American economy more than $57 billion a year, White House officials believe, and they expect that figure to grow.

China Hacked Dozens of U.S. Government Agencies and Businesses

In dozens of interviews with U.S. government and business representatives, officials involved in commerce with China described hacking and theft as an open secret for almost two decades, allowed to quietly continue because U.S. companies had too much money at stake to make waves. Eventually, the hackers even installed their own VPN systems on the network so that they could enter at will over an encrypted connection.

A multi-year attack carried out by Chinese hackers was exposed recently, and its scope is beyond anything previously seen in nation-state cyber underground activities. A notorious team widely believed to have Chinese government support is thought to have compromised at least 10 major global carriers and used their networks to track and spy on high-profile business leaders and members of foreign governments.

What makes these cyber underground incidents unique is that the Chinese hackers appear to have followed their targets as they moved from country to country, hopping from one breached network to another as needed. While this ability is not new, it has not been seen at this scale before. According to a Justice Department accusation, that is effectively what China has done to the rest of the world since 2014. That is when the hacking group APT10 (Advanced Persistent Threat 10) decided to target not just individual companies in its long-standing efforts to steal intellectual property, but instead to focus on so-called managed service providers (MSPs), the businesses that provide IT infrastructure such as data storage or password management.

More Accusations Against China

For an even greater sense of scale: the accusations allege, among other things, that by hacking into a single New York-based MSP, APT10 was able to compromise data from companies in a dozen countries, from Brazil to the United Arab Emirates. With a single initial intrusion, Chinese spies could leapfrog into industries as varied as banking and finance, biotech, consumer electronics, health care, manufacturing, oil and gas, telecommunications, and more.

https://www.youtube.com/watch?v=ZuzwHuQPKz0
  • The DOJ's accusations outline alleged APT10 activities focused on government agencies and defense contractors, dating back to 2006, that took a more conventional approach. But the MSP hacks don't just show China's hacking sophistication; they demonstrate its ruthless efficiency and determination.
  • More than 90% of the department's cases alleging economic underground activities over the past seven years involve China, and more than two-thirds of the department's cases involving theft of trade secrets are connected to China. Compromise an MSP, and you have a much easier path into all of its clients. They're super. Yet an investigation by federal agencies into why three successive administrations failed to stop cyber hacking from China found an unlikely obstacle for the government.
  • The U.S.-China Economic and Security Review Commission was set up in 2000 to examine the implications of growing economic ties with China. An expert on Chinese security issues at the conservative Heritage Foundation said the alleged Internet hijacking appeared to be part of what he described as a disturbing pattern of aggressive Chinese cyber activities. All of this suggests that, from China's view, a global conflict is already underway in the virtual world of cyberspace; the ability to direct vast amounts of data constitutes a threat not only to national security but also to private companies and individuals, as their information, too, has now been put at risk.

What the Obama Administration Says About the Issue

Former Obama administration officials say they did not turn a blind eye to the Google hack or to cyber theft from China.

The administration was struggling with other important priorities, such as North Korea, Iran, the economy, and climate change. Cybersecurity companies have gotten relatively good at observing and analyzing the tools and tactics of nation-state threat actors; they are less good at placing these actions in enough context for defenders to make solid risk assessments. In short, the APT10 hackers put themselves in a position where they not only had access to MSP systems but could move through them as an administrator might. Using those privileges, they would initiate Remote Desktop Protocol (RDP) connections to other MSP computers and to client networks.

Think of any time an IT staffer has taken over your computer to troubleshoot, install Photoshop, whatever. It is like that, except instead of a friendly coworker it's Chinese hackers hunting for secrets. China has denied these accusations of cyber warfare and has, in turn, accused the United States of engaging in cyber warfare against China, a claim the U.S. government denies. China's hackers will continue to rob the world blind at every opportunity. At least, though, they may now be a little less anonymous when they do.

How To Have an Adaptive Cybersecurity

Every system built in the real world has security. Take a bank as an example: the entrance has guards, and the inside has even more. The same setup applies online. For online business owners, having strong cybersecurity is a must, but having an adaptive one is not easy.

Any individual or organization would like to buy a magical, permanent solution to all cybersecurity problems so that everyone can sleep without fear. But that is easier said than done. Technology keeps evolving: 4G became 5G and will soon become 6G.

Let us face the truth: having cybersecurity is not easy, and having a strong yet adaptive one is a challenge! There is no magic formula, but there are a handful of things anyone can do to lower exposure to risk and significantly improve security posture.

The right platform, intelligence, and expertise, along with what is mentioned above, can help any person or institution evade the vast majority of threats. They can also help in detecting and responding more quickly to any attacks that do get through. No system is safe; that is a reality.

The Challenges of Having Cybersecurity

Having cybersecurity is indeed challenging for many reasons, and the evolving perimeter around us, together with complex solutions, does not help.

A long time ago, now all but a faint, distant memory by technology standards, cybersecurity was built around the simple concept of INSIDE vs. OUTSIDE, or US vs. THEM. The servers, users, applications, and data inside the network were basically trusted, while everything outside was flagged as a potential threat.

The arrival of free public Wi-Fi, hotspots, laptops on the go, mobile devices including phones, tablets, and watches, and cloud computing has eroded the concept of a fixed perimeter. The old model of perimeter defense is no longer valid because attacks can come from anywhere. Worse, most attacks appear to come from valid, legitimate users. Software that hasn't been updated is another way in, as happened with VLC, where hackers found a way to inject malware into its users' systems.

Here's a Quick Video on How Cybersecurity Works

https://www.youtube.com/watch?v=JdfmV2KW11I

On the other hand, as new platforms and technologies are developed, cybersecurity vendors are forced to create specific point solutions for each problem. The result is a confused mix of tools and services that serve specific facets of the perimeter but do not always play well with each other. This does not provide a comprehensive approach to the whole system, but rather a complex one. The security system as a whole must be understood and able to stand on its own.

We can't ignore the fact that the threat landscape is expanding and evolving, making any solution even harder. Attacks have become stronger, more complex, and harder to identify, such as the now-famous fileless "Living off the Land" (LotL) attacks.

The diversity of IT systems, in particular hybrid or multi-cloud environments, gives way to misconfiguration. Inevitable human errors expose the network to unnecessary risks.

Attackers are also learning and adopting Artificial Intelligence (AI) to bypass or evade detection, along with automating the development of customized attacks.

Ways to Enhance Your Cybersecurity

Everything mentioned above sounds discouraging, as if there were no hope, but there are measures we can take. Bear in mind that our goal is to neutralize attacks, or at least weaken them. There is no perfect cybersecurity system.

As the title of this article, "How To Have an Adaptive Cybersecurity", suggests, we must learn to adapt to threats and attacks. One goal is to make it hard for attackers to penetrate your network and to improve your chances of detecting an attack quickly and stopping it in time. Being smart and knowledgeable is our best defense. We must know our enemies as we know ourselves, as Sun Tzu's Art of War puts it.

Here are the five keys to implementing that:

  1. Evaluate your business objectives and your unique attack surface.

Select a threat detection method that can address your workloads properly. Cloud servers are unpredictable; they scale up and down on a regular basis. Your cybersecurity system's detection should follow the provisioning and de-provisioning of instances on the cloud platforms. Metadata must be collected to follow events, because detection has to traverse these dynamic environments. Most SIEMs (Security Information and Event Management systems) cannot do this.

  2. Eliminate vulnerabilities before they are found by an attacker.

This method uses vulnerability assessments to identify and remove weaknesses before they are exploited. This includes assessing the full application stack, system code, third-party code, and code configurations.

  3. Align data from multiple sources to improve use cases and desired outcomes.

Three kinds of data must be collected and inspected for suspicious activity: web, log, and network. Each data type has its own strengths in identifying certain kinds of threats, and together they give a whole picture with greater precision and actionable context.

  4. Use analytics to detect the latest sophisticated attacks.

This sounds complex, but don't be confused: it means ensuring that your threat detection mechanisms look at real-time events and patterns alongside historical events across time. Machine learning is advised here to find what you are specifically looking for. If you use a SIEM, apply machine learning to surface missed correlations and to tune your SIEM rules better.

And last but not least:

  5. Align your security goals with your business demands.

There are more ways to improve your security posture and identify threats. Most SIEMs take a traditional approach to finding threats. They are most helpful for organizations that have a well-rounded security staff and program, but a SIEM alone isn't the best answer for security monitoring of today's web applications and cloud surfaces.
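One way to act on item 4 (real-time events checked against history) in the setting described in the first article, where intruders holding MSP administrator privileges opened RDP connections into client networks: an added Python example, not code from the original article, that flags RDP logons to destinations an account has never reached in the historical record, and notes when the connection is chained from a host the account already reached. The log format, host names and account names are assumptions constructed for the example.

```python
# Added example (not from the original article): baseline-versus-live check
# in the spirit of item 4. Historical RDP logon records are summarised into a
# per-account set of destinations; live records are flagged when an account
# reaches a host it never reached before. Log lines and format are constructed.
import re
from collections import defaultdict
# Constructed format: "<timestamp> RDP_LOGON user=<acct> src=<host> dst=<host>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) RDP_LOGON user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)

HISTORICAL = """\
2019-01-10T09:00:00Z RDP_LOGON user=msp-admin src=jump01 dst=client-a-db01
2019-01-11T09:05:00Z RDP_LOGON user=msp-admin src=jump01 dst=client-a-db01
2019-01-12T10:20:00Z RDP_LOGON user=msp-admin src=jump01 dst=client-b-web01
2019-01-12T11:00:00Z RDP_LOGON user=jsmith src=ws-jsmith dst=client-a-fs01
""".splitlines()

LIVE = """\
2019-02-01T02:14:00Z RDP_LOGON user=msp-admin src=jump01 dst=client-a-db01
2019-02-01T02:16:00Z RDP_LOGON user=msp-admin src=client-a-db01 dst=client-c-dc01
2019-02-01T02:18:00Z RDP_LOGON user=jsmith src=ws-jsmith dst=client-a-fs01
2019-02-01T02:20:00Z RDP_LOGON user=msp-admin src=client-c-dc01 dst=client-d-erp01
""".splitlines()

def parse(line):
    """Return the fields of one record, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def build_baseline(lines):
    """Map each account to the set of destination hosts seen in history."""
    baseline = defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        baseline[rec["user"]].add(rec["dst"])
    return dict(baseline)

def find_new_destinations(baseline, live_lines):
    """Flag live logons whose (user, dst) pair is absent from the baseline.
    The last tuple field is True when the source is a host the account reached before."""
    alerts = []
    for rec in filter(None, map(parse, live_lines)):
        known = baseline.get(rec["user"], set())
        if rec["dst"] not in known:
            alerts.append((rec["ts"], rec["user"], rec["src"], rec["dst"], rec["src"] in known))
    return alerts

if __name__ == "__main__":
    for alert in find_new_destinations(build_baseline(HISTORICAL), LIVE):
        print("new RDP destination:", alert)
```

With the constructed input, the two msp-admin logons to client-c-dc01 and client-d-erp01 are flagged, the first one marked as chained from the already-known client-a-db01.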

Again, remember: no system is safe; just counter problems as they arise. Being smart is the best defense.
