Network World - Cyber espionage is getting renewed attention as fresh evidence emerges of online break-ins at U.S. research labs and targeted phishing against corporations and government agencies here and abroad.
It's no wonder that research firm SANS Institute has ranked cyber espionage No. 3 on its “Top Ten Cyber Menaces for 2008,” just behind Web site attacks exploiting browser vulnerabilities and botnets such as the infamous Storm.
“Economic espionage will be increasingly common as nation-states use cyber theft of data to gain economic advantage in multinational deals,” SANS Institute claims. “The attack of choice involves targeted spear phishing with attachments, using well-researched social engineering methods to make the victim believe that an attachment comes from a trusted source.”
Alan Paller, director of research at SANS Institute, adds that people should be aware that an “extraordinary treasure chest of information has been stolen,” and “the same people doing the military espionage are engaged in economic espionage using the same or very similar techniques to steal information from organizations that are working on business ventures in the attackers' country.” He offered no estimate as to how much cyber espionage is costing organizations.
Many have seen some form of cyber espionage up close.
“Absolutely there's espionage,” says Michele Stewart, manager of data security at Orlando-based AirTran Airways.
Members of AirTran's executive management team were recently targeted by phishing e-mail that sought to trick them into divulging confidential corporate information and attempted to place bot malware on their computers, she says.
“The e-mail did get through our filter, but fortunately [our team] had the presence of mind to realize something strange was going on,” Stewart says. AirTran, which relies on Lancope network-behavior-analysis equipment to watch for anything outside the norm and conducts awareness training with employees, doesn't know who was targeting it, she says.
Separately, the U.S. Department of Energy's Oak Ridge National Laboratory (ORNL) last month acknowledged that about a dozen staff members fell for phony e-mail urging them to go to phishing sites or open attachments with malware.
Hackers not only infiltrated the ORNL network, accessing some nonclassified databases, but director Thom Mason told employees (via an e-mail message, ironically enough) it was all part of a “sophisticated cyber attack that now appears to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country.”
ORNL has officially declined to say more. But some security researchers close to the matter say investigations now point to China.
“I work with the FBI as president of the InfraGard Philadelphia chapter, and the FBI thinks IP addresses link this to China,” says Tom Bowers, senior security evangelist at Kaspersky Lab, referring to the FBI-industry collaboration called InfraGard. The FBI itself wouldn't comment on the matter.