Breaking Down the Mandiant Hacking Report: What IT Pros Need to Know
With the recent high-profile attacks on The New York Times, the Wall Street Journal, Facebook, Twitter, Apple and Microsoft, many questions are being asked about who is behind them. At least some of the attacks are believed to be attributable, in part, to a Chinese group known as "Unit 61398."
While the attacks on the tech companies listed above have since been traced to Europe, the NYT and WSJ have laid the blame on China, and a recent report from the security firm Mandiant lends that accusation some merit.
Mandiant has spent years researching what it calls Advanced Persistent Threats (APTs) from around the world. Its latest report focuses on threats originating within China, and specifically on the building where Unit 61398 is believed to be housed. While the report stops short of conclusively stating that the unit is behind all of the attacks, it offers only one alternative explanation for who else could be responsible:
"A secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398's gates, performing tasks similar to Unit 61398's known mission."
The report shows how patient the unit is when carrying out an attack and mining information from its victims. The average intrusion lasts 356 days, and the longest spanned more than four years and 10 months.
The most troubling aspect is that these intrusions are not quick hit-and-run exploits. The attackers compromise a system and then monitor it at will, taking only the information they want or need, and most companies have no idea it is even taking place.
According to the Mandiant report, most of the intrusions began with a simple spear-phishing e-mail. A message would arrive, purporting to come from a "new" e-mail address belonging to someone who works for the company, with a link to one of the many tools the unit uses to infiltrate networks. Once the file has been opened, the attackers have full access to the network. Educating staff outside the IT department is therefore paramount to keeping a company secure: showing the average employee how to recognize an attempted attack and report it is essential to keeping your systems safe.
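The "colleague writing from a new address" pattern described above can also be caught at the mail gateway before it ever reaches an employee's inbox. The following is an added example, not code from the article or from Mandiant: it compares the display name in a message's From header against a small employee directory and flags senders whose address is not that employee's corporate one, separating look-alike domains from plainly external ones. The corporate domain, the directory and the sample headers are all constructed for the example.

```python
"""Flag inbound mail whose From display name matches a known employee but whose
address is not that employee's corporate address (display-name impersonation).
Added example; the domain, directory, headers and threshold below are constructed."""
import difflib
from email.utils import parseaddr

CORPORATE_DOMAIN = "example-corp.com"  # assumed corporate domain

# Constructed employee directory: normalized display name -> corporate address.
DIRECTORY = {
    "jane doe": "jane.doe@example-corp.com",
    "bob smith": "bob.smith@example-corp.com",
}

LOOKALIKE_THRESHOLD = 0.8  # similarity ratio above which a domain is a look-alike


def domain_similarity(domain: str) -> float:
    """Similarity between a sender domain and the corporate domain (0.0 to 1.0)."""
    return difflib.SequenceMatcher(None, domain, CORPORATE_DOMAIN).ratio()


def classify_sender(from_header: str) -> str:
    """Classify a raw From header value according to the directory."""
    name, addr = parseaddr(from_header)
    name_key = " ".join(name.lower().split())  # collapse case and whitespace
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    expected = DIRECTORY.get(name_key)
    if expected is None:
        return "unknown-sender"              # name is not an employee; out of scope here
    if addr == expected:
        return "ok"                          # display name and address agree
    if domain == CORPORATE_DOMAIN:
        return "suspicious-internal-mismatch"  # right domain, unexpected mailbox
    if domain_similarity(domain) >= LOOKALIKE_THRESHOLD:
        return "suspicious-lookalike-domain"   # e.g. a typosquatted corporate domain
    return "suspicious-external-impersonation"  # employee name on a foreign address


# Constructed sample headers, one per classification branch.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example-corp.com>",
    '"Jane Doe" <jane.doe.personal@gmail.example>',
    "Bob Smith <bob.smith@examp1e-corp.com>",
    "Vendor Bot <noreply@vendor.example>",
]


def scan(headers):
    """Return (header, verdict) pairs so a gateway can quarantine or tag the message."""
    return [(h, classify_sender(h)) for h in headers]
```

In practice the verdict would drive a quarantine rule or a visible "external sender" banner, which gives the staff training described above something concrete to look for.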
With sophisticated attacks becoming more common, and coming not just from China but from a wide range of sources with their own motives and justifications, demand for cybersecurity professionals is clearly going to climb.
President Obama's recent executive order on cybersecurity calls on businesses to work more closely with law enforcement and intelligence agencies to prevent attacks, and just last month the Washington Post reported that the Pentagon would be adding up to 4,000 new jobs (on top of its current headcount of 900) to bolster its cybersecurity efforts. Although the Pentagon has not confirmed the story, it makes sense for the government to increase its cybersecurity headcount.
The hiring spree should not end with the Pentagon. Companies need to further the training of their IT staff, bring in new experts and educate employees on how to mitigate attacks before their network falls victim to a potentially avoidable breach.