The Changing Face of Cyber Espionage
Mandiant's Rob van der Ende on How Spies Are Using Unconventional Channels to Hack Targets
While cyber espionage groups use the same technologies and techniques as traditional, financially motivated attackers, their targets are often different. And increasingly, the channels of intrusion are a source of surprise for investigating teams, says Rob van der Ende, vice president, APJ, at Mandiant Consulting.
The end targets are obvious in these operations - defense contractors, governments and other targets of geopolitical or strategic value. However, cyber spies rarely attack these organizations directly because of the high level of security that is usually in place. "Attacks are now being driven through unlikely channels to get to these organizations," van der Ende says. "The trusted supplier relationships that organizations or governments have with many vendors [and] service providers are being exploited, and also channels like media organizations are being used."
This method has become far more prolific in the past year, he says. Attackers are going after the weakest link to get to these organizations, and some of the channels being used are coming as a surprise to the end targets, as well as the market in general.
Cyber espionage attacks are aimed at governments and also research and development organizations. Business-to-business espionage also takes place, as evidenced by Mandiant's investigations, but is predominantly driven by intellectual property motivations for the attackers, he says. "Cyber espionage is predominantly being conducted by nation-state actors, even when it is into commercial organizations in order to skip a lot of R&D investment and time."
According to a report by FireEye's iSight Intelligence group on China's use of cyber espionage, 13 suspected China-based groups have compromised corporate networks in the U.S., Europe and Japan and targeted government, military and commercial entities in the countries surrounding China. The report notes that cyber espionage sponsored by China seems to be ebbing following action taken by the U.S. government and diplomatic dialogue - between late-2015 and mid-2016. But van der Ende points out that there are now more than 50 nation-states with offensive cyber capabilities.
In this exclusive interview with Information Security Media Group (see audio player link below photo), van der Ende shares some details on suspected nation-state actors and the trends Mandiant's work in the field has revealed. Listen to the interview to learn more about:
- The unlikely techniques and channels being adopted;
- How to prepare to defend against cyber espionage;
- Predictions on what to expect in the coming year.
Before joining Mandiant Consulting, a FireEye company, van der Ende was director for cybersecurity and public sector across Asia within the enterprise services business unit of Microsoft Corp., where he led the expansion of Microsoft's cybersecurity and public-sector solutions and services. Previously, he was vice president for consulting at Oracle Corp.