Guest editorial by Maxim Weinstein
On Wednesday, McAfee reported on a series of cyber espionage attacks dubbed "Night Dragon". Here's a snip from their report (.pdf):
Starting in November 2009, covert cyberattacks were launched against several global oil, energy, and petrochemical companies. The attackers targeted proprietary operations and project-financing information on oil and gas field bids and operations. This information is highly sensitive and can make or break multibillion dollar deals in this extremely competitive industry.
McAfee has identified the tools, techniques, and network activities used in these attacks, which continue on to this day. These attacks have involved an elaborate mix of hacking techniques including social engineering, spear-phishing, Windows exploits, Active Directory compromises, and the use of remote administration tools (RATs).
Attacks like Night Dragon require specialized tools, expertise, and experience. The group behind Night Dragon needed to find -- or in some cases build -- backdoors, command & control servers, and other malware components. They had to figure out which SQL injection attacks would work effectively without detection. They needed the resources and the knowledge of how to purchase (likely with fake/stolen credentials) web hosting accounts around the world. And they needed to know how to put it all together into something that would work.
That criminal underground has developed around desktop malware, phishing, and spam of the kind that consumers and businesses deal with every day. This criminal activity has been successful enough over time to support an entire economy. We're beginning to see the ripple effects of such an economy in attacks like those on Google last year and this more recent spate of espionage. When policymakers and security experts talk about "securing critical infrastructure," they often talk about the direct threats, but you rarely hear anyone mention securing websites and consumer PCs. Yet success in cleaning up the Web and the endpoints might be as important for defending high-profile targets as developing the targets' own defenses.
* Maxim Weinstein is executive director of StopBadware, a non-profit anti-malware organization based in Cambridge, Massachusetts.