It sounds like something out of a James Bond film. You say the words “cyber espionage”, and what springs to my mind is a Javier Bardem-esque villain, sitting in the shadows, syphoning through information that is being passed to him across the internet, waiting for an opportune moment to strike. And then Daniel Craig bursts through the door, unspilt martini in hand, shaken not stirred of course, gun pointed at Javier’s chest.
I won’t go into the dialogue, but needless to say, you’d be on the edge of your seat.
But while cyber espionage may sound more like fiction than fact, businesses around the world, and finance businesses in particular, are being targeted by attacks. In an age where data is everything, gaining access to a competitor’s data can see you setting yourself apart in the market. And some businesses and attackers are willing to use illicit means of gaining access to that kind of intellectual property.
What Is Cyber Espionage?
Cyber espionage is a type of cyber attack in which an unauthorised user tries to gain access to sensitive information or intellectual property for monetary gain, competitive advantage, or political motives.
But stealing is such a broad term, and often no ‘theft’ is necessary – simply preventing a company from accessing their data through corruption, illicit encryption, or a coordinated Distributed Denial of Service (DDoS) attack, can be enough to render a business helpless. Without access to their data, their operations grind to a halt, and their finances and reputation take severe hits. It’s a scenario that many companies are unable to recover from.
Why Are Financial Institutions Being Targeted By Cyber Espionage Attacks?
Finance is an extremely competitive industry, and one where the right information can make all the difference. It’s also an industry where reputation is absolutely everything. If a client feels that they cannot trust their bank, their insurance broker, their accountant, with their data, a relationship that has taken years, or even decades, to build can be lost in an instant.
This, on top of the fact that financial institutions deal with hundreds, if not thousands, of transactions and transfers of funds in a day, makes them an attractive target for cybercriminals. For an attacker, it is a high-risk opportunity, but one with a high-reward pay-out if they succeed in infiltrating or manipulating data.
What Kind Of Information Do Cyber Espionage Attackers Target?
Cyber espionage has a very specific aim. Unlike other types of cyber attacks, it intends to cripple a business rather than causing general disruption, holding data ransom, or trying to gain funds through deposit fraud. With this in mind, there are very specific types of data that espionage attackers target:
1. Company Data
Company information can be anything related to how your business operates, from the tools that you use, to your data structure, the technology and infrastructure that you have in place, and even details about the humans who work for your business. Employee data can be particularly dangerous, since it gives competitors the information that they need to poach your team members by offering them improved benefits and salaries.
2. Intellectual Property
Every financial business has its own IP, or intellectual property. It’s the core of your product offerings, the way that you predict trends, and your five- or ten-year plan for growth and development. When competitors gain access to this kind of information, they have the ability to place themselves ahead of the curve, offering solutions to your clients before you are able to finish developing them, or taking something that is unique to your business and replicating it to entice your clients away from you.
3. Competitive Intelligence
Competitive intelligence can range from information about the core markets that you are targeting, the demographics of your existing client base, or even the information that you have gathered about your own competition. Each piece of information, when sold to an interested party, can potentially give a competitor a chance to one-up your business by rolling out products and technologies before you are able to, or repositioning themselves as a bigger competitor in the market that you are hoping to move into.
4. Client Information
Information about your clients can range from company names and details, allowing your competitors to poach your clients and lure them away from your business, to personal data which can have far-reaching consequences if it becomes compromised. If personal data about your clients and customers gets leaked, your business could be facing fines and penalties from regulations like the EU’s GDPR or South Africa’s POPI Act, jail time in extreme cases, and a massive hit to your reputation.
What Methods Are Used In Cyber Espionage Attacks?
While data can be compromised in any number of ways, there are a few particular types of attacks that are common when it comes to cyber espionage:
1. Advanced Persistent Threats
Most espionage attacks are Advanced Persistent Threats, or APTs. This is when an attacker gains access to a system and then hides within it, gathering information over an extended period of time. Most companies won’t even realise that their data has been compromised, since the goal of an APT is to stay undetected for as long as possible. This gives the attacker the opportunity to amass a wide range of data, which can then be sold to competitors or leaked, causing immeasurable and often irreparable harm to a business.
2. Spear Phishing
One of the reasons that APTs are effective attacks is that an attacker can gain more and more access to information over time. But when an attacker successfully targets a senior member of staff during a spear phishing or whale phishing attack, they gain inordinate amounts of access straight off the bat. This is why spear and whale phishing, often using social engineering techniques, are also popular tools for cyber espionage attacks.
3. Malware
Whether it comes from a phishing mail, an illicit website, or a USB that has been found and plugged into a machine, malware gives attackers the opportunity to spy on a person’s actions, log their credentials, and view any data that the person may access. Malware is often used as a starting point for an Advanced Persistent Threat, but even when used on its own, it can cause a good deal of damage to a business, particularly if it goes undetected for weeks or months on end.
4. DDoS Attacks
I mentioned before that while cyber espionage is often associated with ‘spying’, the aim of these kinds of attacks is often to disrupt business operations. Distributed Denial of Service attacks are the perfect example of this. When a large number of machines under an attacker’s control flood your site, network and systems with requests at the same time, the result is that your systems become jammed, so that you cannot access them either. This leads not only to frustration, but to your operations grinding to a halt as your team members become unable to access the data they need to do their jobs. The longer the attack lasts, and DDoS attacks have been known to go on for days or weeks at a time, the greater the damage to your reputation will become, as your clients lose faith in your business, especially if you are a financial institution in charge of their assets and investments.
5. Insider Threats
While most espionage attacks in this modern age are cyber, there is still the potential for insider threats to cause damage to your business and your reputation. If an employee becomes unsatisfied or harbours malicious intent towards your company, there is the risk that they can compromise the data that they have access to. This can involve making copies of data to pass on to your competitors in the hopes of being hired by one of them, or using your intellectual property as collateral for finding a new position.
Some Examples Of Cyber Espionage In Action
When looking for examples of cyber espionage, most of the articles that you are likely to come across will list attacks like Aurora and GhostNet which took place in the early 2000s. But just because these kinds of attacks aren’t in the news as often as they were at the start of the millennium, does not mean that attackers are slowing down. Quite the opposite in fact. Over the past three years, there have been plenty of cyber espionage examples taking place.
With the outbreak of Covid-19 in 2020, and the rush for laboratories to develop vaccines and potential cures for the pandemic, there was plenty of opportunity for espionage from competing labs and countries who were not advancing as quickly as others. This saw countries like the United States, the UK, Spain, South Korea, Japan and Australia being targeted by attackers from Russia, Iran, China and North Korea.
In late 2020, high-level government departments in the United States discovered that they had fallen victim to an espionage attack which came to be known as the SolarWinds Hack. Attackers managed to infiltrate the departments through a trojanised update to popular network monitoring software provided by Texas-based SolarWinds. Once they gained access, they proceeded to hide within the systems for up to nine months, gaining access to critical data for the departments over that extended period. It was only when SolarWinds themselves discovered the breach and notified their clients that government departments discovered the attackers lurking in their systems.
And while both of these examples of cyber espionage were targeting international countries, that is not to say that South Africa isn’t at risk. Between 2012 and 2021, South Africa fell victim to multiple alleged espionage attacks, with defence, maritime, research and energy sectors being targeted in particular. In one confirmed case of espionage, Transnet experienced an attack in July 2021, with ports in Cape Town, Durban and Gqeberha (formerly Port Elizabeth) being heavily impacted.
How Can You Prevent Cyber Espionage, And Protect Your Data Against Attack?
Because cyber espionage attackers aim to stay hidden in your systems for as long as possible in order to gather as much data as they can, it often takes a long time to realise that you have fallen victim to an attack.
But just because they are difficult to detect doesn’t mean that detection is impossible. There are measures that your business can take to prevent cyber espionage, detect attackers within your systems, and limit the impact of an attack should one occur.
1. Intricately Manage Access
One of the biggest risks that cyber espionage attackers pose to your business is how much access they can gain to your systems. This is why it is essential to carefully manage the users who are able to access your information. Ensuring that each user is given access only to the data they need to do their job, without giving them free rein, will ensure that if one of them becomes compromised, an attacker will only have limited access to information.
On top of this, ensuring that you remove access and permissions as soon as an employee leaves your company will reduce the risk of insider threats. They may have knowledge of how your business works, but they won’t have access to any information beyond what they already knew when they left the business.
Tools like Azure Active Directory and Microsoft SharePoint make the access and permissions that your team members have very easy to manage. You can even create Groups which give every user within them identical access, making it even easier to manage permissions by simply adding or removing a user from a particular Group.
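The following is an added example, not code from the original article and not Azure Active Directory or SharePoint code. It models the approach described above: entitlements are attached to Groups, users inherit them only through membership, and a leaver is stripped of every membership in one step. The group names, resources and user names are constructed for illustration, and the blast_radius helper is a hypothetical name for the least-privilege check an administrator might run.

```python
"""Group-based access control with a least-privilege check and offboarding.

Added example for this article; not code from Solid Systems, Azure AD or
SharePoint. Group names, resources and users are constructed.
"""
from dataclasses import dataclass, field

# Constructed entitlement map: group -> resource -> permitted actions.
# Nothing is granted directly to a user; group membership is the only path.
GROUP_PERMISSIONS = {
    "Finance-Analysts": {"ledger": {"read"}, "market-research": {"read"}},
    "Finance-Managers": {"ledger": {"read", "write"}, "client-records": {"read"}},
    "IT-Admins": {"client-records": {"read", "write"}},
}


@dataclass
class Directory:
    members: dict = field(default_factory=dict)   # user -> set of group names
    audit: list = field(default_factory=list)     # (event, user, group) trail

    def add_to_group(self, user, group):
        if group not in GROUP_PERMISSIONS:
            raise KeyError(f"unknown group: {group}")
        self.members.setdefault(user, set()).add(group)
        self.audit.append(("grant", user, group))

    def remove_from_group(self, user, group):
        self.members.get(user, set()).discard(group)
        self.audit.append(("revoke", user, group))

    def effective_permissions(self, user):
        """All (resource, action) pairs the user holds via group membership."""
        perms = set()
        for group in self.members.get(user, set()):
            for resource, actions in GROUP_PERMISSIONS[group].items():
                perms.update((resource, a) for a in actions)
        return perms

    def allowed(self, user, resource, action):
        return (resource, action) in self.effective_permissions(user)

    def offboard(self, user):
        """Leaver process: revoke every membership so the account keeps nothing."""
        for group in sorted(self.members.get(user, set())):
            self.remove_from_group(user, group)
        self.members.pop(user, None)
        self.audit.append(("offboard", user, None))
        return self.effective_permissions(user)   # empty set when done correctly


def blast_radius(directory, user):
    """Number of (resource, action) pairs an attacker gains by compromising this account."""
    return len(directory.effective_permissions(user))


if __name__ == "__main__":
    d = Directory()
    d.add_to_group("n.dlamini", "Finance-Analysts")
    print(d.allowed("n.dlamini", "ledger", "write"))   # False: analysts read only
    print(blast_radius(d, "n.dlamini"))                 # 2
    d.offboard("n.dlamini")
    print(d.allowed("n.dlamini", "ledger", "read"))     # False after leaving
```

The blast_radius figure is the number worth reviewing periodically: an account whose effective permissions keep growing as it is added to more Groups is exactly the account an espionage attacker would most like to compromise.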
2. Put Monitoring In Place
Setting up alerts across your apps that let you know when unusual activity has been detected can mean the difference between an attempted attack and a successful one. As I mentioned before, cyber espionage attackers want to stay hidden in your systems for as long as possible. Detecting them early on will make that impossible for them to do, and will limit the impact that an attack can have on your business.
Once again, Microsoft solutions are there to help. Between Azure Active Directory, Microsoft Cloud App Security, Microsoft Defender and Microsoft Advanced Threat Protection, there are plenty of tools available to help you detect unusual behaviour from your users which might indicate that they have been compromised, or that they are acting maliciously. But one of the tools that I find most useful is Microsoft 365 Security and Compliance Centre. This serves as the hub of your cybersecurity, and you can use it both to set up alerts that help you detect threats, and respond to them, all using the same software.
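As an added example (not the article's code, and not the detection logic of any Microsoft product), the block below implements two of the "unusual behaviour" alerts the section describes: a sign-in from a country the user has never signed in from before, and a day on which a user downloads far more files than their own recent baseline. The audit events are constructed; in practice they would come from the sign-in and file-activity logs exported by the identity provider and collaboration platform. The detect function and its thresholds are assumptions chosen for illustration.

```python
"""Two simple alerts over user-activity audit events.

Added example; constructed events, not real log data.
"""
from collections import defaultdict
from statistics import median

DOWNLOAD_FACTOR = 5   # alert when a day's downloads exceed factor x the user's median
MIN_HISTORY_DAYS = 3  # need this many earlier active days before judging a spike

# Constructed events: (ISO timestamp, user, action, detail). For "signin" the
# detail is the country code; for "download" it is the file name.
EVENTS = [
    ("2023-03-01T08:05:00", "n.dlamini", "signin", "ZA"),
    ("2023-03-02T08:11:00", "n.dlamini", "signin", "ZA"),
    ("2023-03-03T08:02:00", "n.dlamini", "signin", "ZA"),
    ("2023-03-04T08:09:00", "n.dlamini", "signin", "ZA"),
    ("2023-03-04T23:10:00", "n.dlamini", "signin", "GB"),   # never seen before
    ("2023-03-01T09:00:00", "t.naidoo", "signin", "ZA"),
    ("2023-03-04T09:00:00", "t.naidoo", "signin", "ZA"),
]
# Constructed daily download counts, expanded into individual events below.
_DOWNLOADS = {
    "n.dlamini": {"2023-03-01": 3, "2023-03-02": 2, "2023-03-03": 4, "2023-03-04": 40},
    "t.naidoo": {"2023-03-01": 5, "2023-03-02": 6, "2023-03-03": 5, "2023-03-04": 7},
}
for _user, _days in _DOWNLOADS.items():
    for _day, _n in _days.items():
        EVENTS += [(f"{_day}T10:{i:02d}:00", _user, "download", f"doc-{i}.xlsx")
                   for i in range(_n)]


def detect(events):
    """Return a sorted list of (when, user, message) alerts."""
    alerts = []
    seen_countries = defaultdict(set)
    per_day = defaultdict(lambda: defaultdict(int))   # user -> day -> downloads

    for ts, user, action, detail in sorted(events):
        if action == "signin":
            # The first sign-in establishes the baseline; later new countries alert.
            if seen_countries[user] and detail not in seen_countries[user]:
                alerts.append((ts, user, f"sign-in from new country {detail}"))
            seen_countries[user].add(detail)
        elif action == "download":
            per_day[user][ts[:10]] += 1

    for user, days in per_day.items():
        ordered = sorted(days)
        for i, day in enumerate(ordered):
            history = [days[d] for d in ordered[:i]]   # only days before this one
            if len(history) < MIN_HISTORY_DAYS:
                continue                               # not enough baseline yet
            baseline = median(history)
            if days[day] > DOWNLOAD_FACTOR * baseline:
                alerts.append((day, user, f"{days[day]} downloads vs baseline {baseline:g}"))
    return sorted(alerts)


if __name__ == "__main__":
    for when, user, message in detect(EVENTS):
        print(when, user, message)
```

Both rules compare a user against their own history rather than against a fixed number, which is what makes them useful against an APT: an attacker living quietly inside a compromised account still has to sign in from somewhere and still has to move data out, and either step can break the account's own pattern.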
3. Set Up Regular Cloud Backups
Data becoming compromised can have a devastating effect on a business. But if you are performing regular backups, the impact of an attack that corrupts your data or holds it ransom will be limited. The more often you are performing a cloud backup, the less threat data corruption poses to your business.
It is of course worth mentioning once again that data corruption is only one possible reason for a cyber espionage attack, and someone gaining access to your data in order to steal it for themselves or share it online will not be mitigated by performing backups. But it will mean that your operations will be able to continue uninterrupted, even if your systems experience, for example, a DDoS attack.
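A backup only limits the damage from corruption if you can tell a good copy from a bad one before you restore it. The block below is an added example (not the article's code and not any Microsoft backup product): each backup set is stored with an HMAC-SHA256 manifest keyed with a secret held outside the backup store, so silent corruption or deliberate tampering is detected at verification time and the newest fully intact generation is the one restored. The backup contents and key are constructed for illustration.

```python
"""Keyed integrity manifest for backups, and selection of the newest intact set.

Added example; constructed data and key, not production values.
"""
import hashlib
import hmac

# Constructed key; in practice kept in a secrets manager, never beside the backups.
MANIFEST_KEY = b"example-manifest-key-not-for-production"


def build_manifest(files, key=MANIFEST_KEY):
    """files: {name: bytes}. Returns {name: hex HMAC-SHA256 of the content}."""
    return {name: hmac.new(key, data, hashlib.sha256).hexdigest()
            for name, data in files.items()}


def verify_backup(files, manifest, key=MANIFEST_KEY):
    """Return a sorted list of problems; an empty list means the set is intact."""
    problems = []
    for name, expected in manifest.items():
        if name not in files:
            problems.append(f"missing: {name}")
            continue
        actual = hmac.new(key, files[name], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(actual, expected):
            problems.append(f"corrupt: {name}")
    for name in files:
        if name not in manifest:
            problems.append(f"unexpected: {name}")   # file not covered by the manifest
    return sorted(problems)


def newest_intact(generations, key=MANIFEST_KEY):
    """generations: list of (label, files, manifest), oldest first.
    Returns the label of the most recent generation that verifies, or None."""
    for label, files, manifest in reversed(generations):
        if not verify_backup(files, manifest, key):
            return label
    return None


# Constructed backup generations: the day-2 ledger was corrupted after backup.
DAY1_FILES = {
    "ledger.csv": b"acct,balance\n1001,250.00\n",
    "clients.csv": b"id,name\n7,Acme\n",
}
DAY1 = ("2023-03-01", DAY1_FILES, build_manifest(DAY1_FILES))

DAY2_FILES = dict(DAY1_FILES)
DAY2_FILES["ledger.csv"] = b"acct,balance\n1001,260.00\n"
DAY2_MANIFEST = build_manifest(DAY2_FILES)
DAY2_FILES["ledger.csv"] = b"acct,balance\n1001,2\x00\x00.00\n"   # corruption after manifest
DAY2 = ("2023-03-02", DAY2_FILES, DAY2_MANIFEST)

GENERATIONS = [DAY1, DAY2]

if __name__ == "__main__":
    print(verify_backup(DAY2_FILES, DAY2_MANIFEST))   # ['corrupt: ledger.csv']
    print(newest_intact(GENERATIONS))                 # 2023-03-01
```

Because the manifest is keyed, an attacker who can alter the backup store cannot simply recompute plain hashes to cover the change; the key would also have to be obtained from wherever it is held separately. Run the verification on a schedule, not only at restore time, so that a corrupted generation is noticed while an older intact one still exists.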
4. Set Up A Routine For Software Maintenance
One of the most common ways for attackers (cyber espionage or otherwise) to gain access to your systems is by exploiting software vulnerabilities. This is precisely how the SolarWinds attack that I mentioned earlier occurred.
Software developers spend inordinate amounts of time testing their software for vulnerabilities and releasing patches and updates that ensure that the software is as secure as possible. But it is a company’s responsibility to ensure that these updates and patches get installed. It is all too common for users to delay installing updates for later, when they’re not quite so busy and a system restart won’t cause unnecessary delays. But ensuring that updates are installed as soon as possible will substantially reduce the risk of Zero Day attacks.
5. Secure Endpoint Devices
The weakest links in your business’ security are the people who work with you. Their devices, their cyber hygiene habits, their email security can all compromise your business, whether they intend to or not. But there are tools available to help you limit this risk.
Defender for Microsoft 365 not only helps to secure your emails, but it can be set up as a Cloud Access Security Broker (CASB), allowing you to improve your endpoint security by monitoring the apps that your team members are using, limiting their access to your business data, and implementing updates on devices remotely.
Then there’s Microsoft Intune, which allows you to manage your users’ devices, and the data being stored on them. When an employee leaves your business, or if a device gets stolen, Intune will let you wipe company data from the device, ensuring that it will no longer be accessible, and limiting the risk to your information being illicitly shared with external parties.
6. Regularly Review Your Cybersecurity Policies
Whether it’s a Bring Your Own Device (BYOD) policy that your company has implemented, a Disaster Recovery Plan or Incident Response Plan that is keeping you prepared for the worst case scenario, or a Cyber Hygiene policy which dictates how often your teams should be updating their software, resetting their passwords and more, regularly reviewing and updating all of the cybersecurity policies that your company has in place will help them to stay top-of-mind and increase their effectiveness.
It is also often in the process of these kinds of reviews, particularly when looking at policies on data access, that businesses are able to detect an existing threat within their system, or a gap in their defences which they can resolve before an attack is able to occur.
How Can Solid Systems Help?
As an IT company in Johannesburg, we have become well acquainted over the past 20 years with the threats that businesses face, in the form of cyber espionage, insider threats and email security threats. This is why we have moved far beyond simply providing exceptional IT support. That’s just a given.
Where our true value lies is in helping businesses to understand the cyber security threats that they face in today’s modern world, and mitigate as much risk as possible by implementing the right technologies, training teams on the best possible ways to use them, and effecting positive changes in human behaviour. We are always looking forward and helping businesses to plan their technologies, ensuring that they meet and exceed their goals, while never compromising on their company culture.
So, if you are looking for a company that will work with you to secure your business against a wide range of threats, including cyber espionage, get in touch with us today. Let us see you stepping confidently into the future.
Frequently Asked Questions (FAQs)
Cyber espionage threats can take a number of different forms, depending on who is doing the attacking. One of the most common methods of attack is the Advanced Persistent Threat (APT), where attackers gain access to systems and hide within them, gathering data over an extended period of time.
Other methods that are often used in cyber espionage attacks include spear phishing, malware, DDoS attacks and insider threats.
In an age where data is everything, gaining access to a competitor’s data can see you setting yourself apart in the market. And some businesses and attackers are willing to use illicit means of gaining access to that kind of intellectual property. Cyber espionage attacks can compromise, and often cripple, businesses who are unprepared for them.
While cyber espionage attacks like Aurora and GhostNet have been taking place since the early 2000s, two recent examples of cyber espionage in action include attacks on countries that were researching Covid-19 in 2020, and an attack known as the SolarWinds Hack which infiltrated a number of different US government departments in late 2020.
There are a number of reasons why attackers use cyber espionage, from financial gain in selling information to competitors, to competitors themselves wanting to put themselves ahead of the market curve, to attackers who simply want to cause chaos. But what most of these reasons have in common is the collection of large amounts of data, which can then be used to compromise a business and see it unable to operate.
There are four main types of data that are targeted in cyber espionage attacks:
- Company data relating to how a business operates
- Intellectual property, including five- or ten-year plans for growth and development
- Competitive intelligence that a business may have gathered about their market or their own competitors
- Personal data and client information