China: Spying the Friendly Skies?

Yesterday’s Bloomberg report regarding an advanced and persistent attack against United Airlines is no ordinary data breach. We are now learning that growing evidence points to a direct link between it and the recently uncovered mass-hacks at the Office of Personnel Management and Anthem Inc. These suggested links to the Chinese intelligence services, together with recent reports of mysterious operational glitches, are only adding fuel to the fire.

Chinese-American cyber-relations have been getting more attention in the past few months, with new findings of alleged Chinese success in infiltrating sensitive American databases. However, as some reports indicate, this is only a small glimpse into a continuous and ongoing cyber clash. Fortune reporter Paul Coyer outlined his version of the Chinese-American cyber-feud in a recent article, emphasizing that both parties have been investing ever more in infiltrating and collecting information from each other’s cyber-domains.

On the topic of United Airlines, one major misconception needs to be shattered: while we may mistakenly consider mass transportation infrastructure more secure than our personal laptops, we should remember that most customer-facing operations rely on commercial IT, making them as vulnerable as any other service. This should explain why flight manifests were compromised. We should hope that inventory lists, flight planning, and flight management tools are better secured, kept away from public Internet access points, and better regulated.

Symantec recently published its findings regarding the malware used in the attack campaign against Anthem, in which a system administrator discovered that his own credentials had been compromised and used to run unusual data queries. Symantec also claims it has observed the malware’s operators in a chain of espionage-motivated campaigns in the aerospace, energy, and healthcare industries.

Powerful APT groups are notorious for their ability to exploit zero-day vulnerabilities and deploy sophisticated malware to penetrate and entrench themselves inside target networks. The one factor that sheds some light on their stealthy actions is their need for trusted insider credentials: first to gain initial access, and later to collect the information they need to expand their foothold once inside the network.

With perimeter defense failing as the final barrier between attackers and a company’s prized “Crown Jewels,” we believe that behavioral analysis powered by machine-learning algorithms has the potential to uncover the very actions and maneuvers that attackers want to keep unrecognized. Continuously baselining normal behavior in a corporate network ensures that even a slight deviation from the norm gets SOC attention.
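As an added example (not code from the post or from Symantec’s report), here is a minimal per-account behavioral baseline over constructed database audit records, flagging the kind of unusual data queries that a compromised administrator’s credentials would produce; the field layout, the log lines and the thresholds are all assumptions made for the illustration.

```python
# Added example: per-account baseline of query activity, then deviation scoring.
# Audit records, field layout and thresholds are constructed for illustration.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit log: (account, hour_of_day, table, rows_returned)
BASELINE_LOG = [
    ("sysadmin", 9, "app_config", 12), ("sysadmin", 10, "app_config", 15),
    ("sysadmin", 11, "audit_log", 40), ("sysadmin", 14, "audit_log", 35),
    ("sysadmin", 16, "app_config", 10), ("sysadmin", 13, "audit_log", 45),
]

def build_baseline(log):
    """Per-account profile: tables touched, active hours, row-count statistics."""
    by_user = defaultdict(list)
    for user, hour, table, rows in log:
        by_user[user].append((hour, table, rows))
    profile = {}
    for user, events in by_user.items():
        hours = [h for h, _, _ in events]
        rows = [r for _, _, r in events]
        profile[user] = {
            "tables": {t for _, t, _ in events},
            "hour_min": min(hours), "hour_max": max(hours),
            "rows_mean": mean(rows), "rows_std": pstdev(rows) or 1.0,
        }
    return profile

def score_event(profile, user, hour, table, rows, z_limit=3.0):
    """Return the reasons an event deviates from its account's baseline."""
    p = profile.get(user)
    if p is None:
        return ["no baseline for account"]
    reasons = []
    if table not in p["tables"]:
        reasons.append(f"first access to table {table}")
    if not p["hour_min"] <= hour <= p["hour_max"]:
        reasons.append(f"hour {hour} outside {p['hour_min']}-{p['hour_max']}")
    z = (rows - p["rows_mean"]) / p["rows_std"]   # volume as a z-score
    if z > z_limit:
        reasons.append(f"row count {rows} is {z:.1f} std devs above mean")
    return reasons

def detect(profile, events):
    """Events with at least one deviation, queued for SOC review."""
    flagged = []
    for e in events:
        reasons = score_event(profile, *e)
        if reasons:
            flagged.append((e, reasons))
    return flagged
```

A credential in the hands of an intruder typically breaks several baselines at once (new table, odd hour, bulk volume), so ranking by the number of reasons is a cheap first triage.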