02:30 PM
Terry Ray
Terry Ray
Connect Directly
E-Mail vvv

Collateral Damage: When Cyberwarfare Targets Civilian Data

You can call it collateral damage. You can call it trickledown cyberwarfare. Either way, foreign hacker armies are targeting civilian enterprises as a means of attacking rival government targets.

We're in the dawn of the age of global cyberwarfare: Nation-state hackers are knocking out critical infrastructure. They're disrupting lines of communication. They're stealing military technology. They're sowing discord and confusion.

But they're also attacking nonpolitical "civilian" targets — businesses, schools, hospitals, and the like — to reap the rewards of low-hanging political fruit. These attacks comprise what some call "trickledown cyberwarfare," and these civilian data stores are the new battleground.

For example, about three years ago, the US Department of Defense issued a warning that foreign nation-state hackers were targeting not only government contractors with advanced persistent threats (APTs), but also academic institutions. The FBI reportedly issued a similar warning on the same day, indicating that Chinese hackers were equally interested in compromising sensitive data held by commercial enterprises in the US – specifically including companies in aerospace, entertainment/media, healthcare, and telecommunications networks.

Both warnings came on the heels of a substantial attack originating in China against the University of Virginia — specifically targeting two employees conducting work related to China. The school was noted for its numerous connections to large government contractors and intelligence agencies in the US, as well as to the DoD in general.

The Attraction of Civilian Data Targets
Unfortunately, this is par for the course for private-sector businesses and NGOs. Sometimes the breach is to get a critical piece of political or military information to be used later. Sometimes it's to steal intellectual property or research so that the hacking nation can get a competitive boost in the economic and/or military might. Sometimes it's to cull some personal information about someone with the right security clearance — which may mean orchestrating a super-breach, compromising several million other accounts along the way.

Notably, these breaches aren't about anything so pedestrian as identity theft or credit card fraud. Instead, the goal is to use the information gleaned as a jumping-off point — to allow escalated access to yet more critical information. This is especially the case with healthcare organizations, where the right juicy health-record tidbit about a well-placed employee (or family member thereof) of a government arm can be used to extort some small amount of extra information or escalated access, turning that employee into an inside-attack threat.

This may sound conspiracy-theory-esque, but enterprises have been seeing these very real threats over the past few years — and will see them in greater numbers through 2019 and beyond. Nation-state hackers aren't going after the private sector and academia in the absence of anything better to do. They're doing it because their efforts can pay off big dividends in the long run when it nets them secret and useful economic, military, and national-security information down the road.

Plus, it's often a heck of a lot easier to hack a company or academic institution than it is to hack a federal agency or military contractor because the former isn’t often paying enough attention. It may know where its data originated or is supposed to be, but it may not be able to identify all of the places where its data has migrated.

And that's assuming we're talking about data that a given organization already perceives as important. As we've seen with these types of attacks, though, one man's junk is another man's treasure.

How to Duck and Cover
Therefore, organizations need to be far more informed about their data — and not just the data they perceive as top priority. To best guard their data stores, organizations have to rely on more than their internal priorities alone because so many other perspectives and variables are at play.

The only thing they can do, then, is to watch their data. All of it.

This task is less daunting when applied as the first, foundational step of an infosec strategy. Once you've begun monitoring all data across the board, you can easily apply analytics to the activity logs generated from your data monitoring, building a model of your entire data user population. Now you can more effectively analyze all data user-data interactions — without yet having had to identify (much less prioritize) a single bit of data.

After all, whether they are common criminals or sophisticated cyberwarriors, we know that attackers will always want to break into our databases. So we need to be looking at the databases. Otherwise, we're asleep at the switch.

Related Content:



Terry Ray has global responsibility for Imperva's technology strategy. He was the first US-based Imperva employee, and has been with the company for 14 years. He works with organizations around the world to help them discover and protect sensitive data, minimize risk for ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Moderator
2/11/2019 | 12:35:37 AM
Laymen attacked
We should be more concerned of the invasive nature of hacking. This is because today, hackers are hitting the ground more as compared to previous attempts of just focusing on major corporations. Laymen are now affected as well which is getting scarier as we speak. Confidential data which we would have previously deemed as safe is now at stake.
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
PUBLISHED: 2019-02-15
Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.