China-Based Adversaries Pose Major Cyber Threat in 2016

Following closely on the heels of the Pentagon’s unveiling of its budget proposal for fiscal year 2017, which included $7 billion for cyber operations and focused on countering the technological and military advances of China, security firm CrowdStrike released a report highlighting the threat posed by China to US cybersecurity.

CrowdStrike’s 2015 Global Threat Report revealed that today’s threats are fueled by geopolitical and economic events around the world.

George Kurtz, chief executive officer and co-founder of CrowdStrike, explained, “Distant geopolitical events occurring in disparate parts of the world are actually creating ripple effects that wash up on the doorstep of industries and companies thousands of miles away in the form of cyber threats. Businesses and organizations ignore these geopolitical developments at their own peril if they do not allocate adequate resources and build the capacity needed to protect their information and networks.”

Last year, CrowdStrike security researchers forecasted an uptick in nation-state cyberattacks, particularly targeted intrusions, going into 2015. Adam Meyers, vice president of intelligence at CrowdStrike, explained in a blog post, “Western businesses and enterprises need to know that there are serious bad guys in North Korea, China, Iran, Russia and other countries working tirelessly on ways to get around our defenses to steal intellectual property, disrupt business and even destroy.”

True to the security firm’s predictions, 2015 saw a wave of China-based targeted intrusion activity. Chinese actors were behind numerous massive data breaches in 2015 that compromised the personally identifiable information (PII) of millions of individuals.

Although Chinese actors have shown little interest in targeting PII in the past, the report notes that these incidents may “hint toward possible new interests.”

The attacks on healthcare provider Anthem in February 2015, which compromised the health care data of nearly 80 million customers, as well as the breach of two other US healthcare providers, Premera and CareFirst, have been attributed to China.

Chinese actors were also behind the breach of the Office of Personnel Management (OPM), which compromised the sensitive information of approximately 4 million individuals associated with the federal government. In this case, the attackers obtained data collected through “Standard Form 86” (SF86), which must be completed by individuals applying for national security positions.

“Without doubt, access to this degree of PII for both successful and unsuccessful applicants represents a treasure trove of information that may be exploited for counterintelligence purposes,” the report stated.

The security researchers say there is no indication that PII theft will continue to be a trend in 2016; however, they say organizations in possession of PII that may hold counterintelligence value should be alert in the year ahead.

In September 2015, the US and China entered into a landmark cybersecurity agreement in which both nations agreed not to “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

“Beneath the surface, however, China has not appeared to change its intentions where cyber is concerned,” the report stated.

Cyber relations between the two countries became strained after numerous allegations of Chinese spying operations targeting the US over the past couple of years. In 2014, CrowdStrike discovered a “massive and unrelenting” decade-long Chinese cyber espionage campaign targeting US space, aerospace and communications sectors.

Dubbed “Putter Panda” because the Chinese hackers often targeted golf tournament conference attendees, the group operated on behalf of Unit 61486 of the People’s Liberation Army (PLA) Third General Staff Department’s 12th Bureau, headquartered in Shanghai.

That same year, five Chinese military hackers were indicted for computer hacking, economic espionage and other cybercrimes directed at six American victims in the US nuclear power, metals and solar products industries.

Although China may reduce its cyber activity for a time in light of the country’s new cyber agreement with the US, Chinese adversaries will likely resume cyber operations once intense scrutiny begins to subside. While in the spotlight, China will likely avoid an outright violation of the agreement, since economic sanctions could cripple the country’s economy, but a complete cessation of cyber intrusion is unlikely.

“Chinese cyber activity may shift dynamics, but it is not expected to cease anytime soon,” the report explained. “Beijing views winning informatized wars as integral to its rejuvenation as a ‘great nation’, and despite the promotion of domestically sourced innovation and technologies, China still has numerous intelligence gaps that cyber espionage can assist in filling to accomplish its long-term strategic goals.”

In today’s threat environment, effective intelligence will be vital in curbing breaches and protecting the intellectual property, jobs, revenue, and shareholder value of US businesses. CEOs and boards of directors must also acknowledge the global events driving these attacks in order to understand the motivations of their adversaries.

“Today, technology, processes and people are not enough to stop the threats that will continue to evolve in 2016 and beyond,” said Meyers. “Actionable intelligence is critical for fortifying a security posture; understanding adversary motivations and the reasons for their actions is critical to businesses being able to anticipate what they will do next, to whom, and why.”

Homeland Security Today
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.