4 Replies Latest reply on May 23, 2013 8:22 PM by katebrew

    Why SMBs might be more interesting for nation-state attacks than larger companies

    katebrew

      I participated in the ISSA Los Angeles security conference this week. While the media wants to depict the situation with the Chinese as Cyber Warfare, I heard an interesting observation at the conference: the US Industrial Revolution was based, in large part, on intellectual property the US "stole" from England. Take a deep breath and think about that.

       

      So, if we move forward in history, perhaps the Chinese are using a similar strategy against the US and other western countries.


      What is interesting about this is that it really makes the Small Medium Business (SMB) incredibly vulnerable.  Here's why: it is entirely likely that larger companies are creating "honey pots" of old information available for the Chinese and others to harvest, translate and chew on for a long time.  SMBs will not have the forethought or resources to do so. 

       

      So it may be likely going forward that Advanced Persistent Threats (APTs) may target SMBs over large companies and governments likely to create subterfuge with honey pots and the like.

       

      The conference presentation was thought-provoking to me...  Any thoughts out there?

        • Re: Why SMBs might be more interesting for nation-state attacks than larger companies
          Lawrence Garvin

          I'm somewhat skeptical that any commercial organization, other than those directly involved in the infosec profession, is operating any sort of a "honey pot", much less doing so for the purpose of feeding bad/false/fake information to the Chinese. Organizations don't have the resources or tools in place to monitor their operational production computer systems, never mind expending the effort to actively monitor a honeypot.

           

          I also think that the Chinese (and any other adversarial nation-state) are quite aware of exactly what they want to target, and those targets are being engaged directly via social engineering. Generally speaking, honeypots are designed to catch connections from "broadcast" malware ... stuff that goes out and pings anything that's alive and tries to replicate to it only because it is alive; I can't see any practical contribution a honeypot could make in the realm of directed social-engineering based attacks. We also know that modern sophisticated malware now has logic built into it to identify a "honey pot" and actively avoid it, so even that attack-anything malware is now intelligently avoiding honeypots, and the value of the honeypot is being reduced as a result.

           

          I'm not quite sure what the alleged theft of 18th century British intellectual property to fuel the Industrial Revolution has to do with 21st century attempts to steal military intelligence, and it wasn't until the 19th century that "intellectual property" became recognized as a protected entity. Some might take exception to the characterization of those events as "theft" in that time frame, and I'd also note that at the start of the Industrial Revolution (1760-1820), the U.S. was "at war" with the British for a good portion of that time, so who's to say what was "stolen" vs what was "spoils of war to the victor". :-)

           

          Nevertheless, it's no secret that nation-states have been actively trying to steal U.S. military intelligence since the U.S. declared independence. Cyber-technology is just another means to the end.

           

          In the end, I disagree that SMBs are at any higher risk from nation-state based cyber attacks, unless it's an SMB directly associated with the military and has been identified as a value target.

            • Re: Why SMBs might be more interesting for nation-state attacks than larger companies
              katebrew

              Hi Lawrence,

              Thanks for the thoughtful response.  I love the "spoils of war to the victor" - but I sure hope that we don't fall victim to the same phenomenon in the attacks China continues to mount.  It's interesting, I heard a talk at FOSE last week by John Lee of Lee Core Consulting - he had some interesting observations about how China and others find the US incredibly naive - it's a clear cultural difference. 

               

              As for strategies the government and large US companies are using against APTs, I sure hope they are using some very clever deflection techniques. I believe there are honeypot and other strategies in play that are, naturally, not shared. It was interesting that John Lee suggested a strategy to try to have the Chinese attack your competitors rather than your company - a story of "just running faster than the other guy, when a bear is chasing you - let the other guy get eaten."

               

              It's worth checking out what the most recent Chinese communist five-year plan is targeting - previous five-year plans have successfully targeted heavy manufacturing, then light manufacturing. Those they now dominate. Now they're targeting things like software and transportation. More than a little scary.

            • Re: Why SMBs might be more interesting for nation-state attacks than larger companies
              jonathan at solarwinds

              Here's a related article on our sister "CMDPrompt" blog:

              Work in IT? You're a Military Target

               

              I tend to agree with LGarvin on the honeypots.  Where I've seen them, they've been a "hobby" of an InfoSec team, and once upper management finds out about them, they're usually toast. 

               

              If they really wanted to be evil, companies could just feed their current SharePoint or Notes site to an adversary.  That should slow them down for years with outdated information, unused policies, and unimportant tangents!