China Is 'biggest state sponsor of Cyber-Attacks on the West'

Security threats from Chinese companies building 5G networks could end up "putting all of us at risk" if they are not tackled quickly, according to a former security minister. 

Speaking to Sky News, Admiral Lord West, a former First Sea Lord who served under Gordon Brown as a security minister, urged the government to set up a unit reporting directly to the prime minister to monitor the risk posed by Chinese equipment in 5G.

5G has been hailed as the next great leap for mobile communications, enabling everything from smart cities to hologram calls.
However, the best 5G technology comes from Chinese companies, raising the fear that China's government could have ground-level access to, even control of, the UK's critical data infrastructure.

China has become the biggest state sponsor of cyber-attacks on the West, primarily in its bid to steal commercial secrets, according to a report by one of the world’s largest cybersecurity firms.

Crowdstrike, which revealed the Russian hack on the Democratic National Committee in 2016, said China was now ahead of Russia as the most prolific nation-state mounting attacks on firms, universities, government departments, think tanks and NGOs.

Its analysis of thousands of cyberattacks in the first six months of this year revealed more than a third (36pc) were targeted at technology firms, with a particular increase in attacks on biotechnology companies aimed at stealing their research secrets and intellectual property. Pharmaceutical, defence, mining and transport companies were also hit.

It said cyber-hackers were using increasingly sophisticated techniques to breach Western defences by replicating established software to hack firms, hijacking a firm’s clients’ computers as a potential ‘Trojan Horse’ route into their target and using personalised ‘phishing’ emails to senior executives.

China has become a bigger threat after a reorganisation of the People’s Liberation Army (PLA) put hacking in the hands of contract firms, effectively privatising operations.

Free of previous Chinese state bureaucracy, they are run by computer science experts with extensive links into hacking forums and groups, says Crowdstrike, which provides cybersecurity for half of the world’s biggest 20 multinationals.
IT giant Siemens was the biggest victim of one Chinese contractor in the US called Boyusec and which is linked to one of the more advanced and active Chinese government-sponsored espionage groups.

Three Chinese nationals at Boyusec have been charged with stealing 407 gigabytes of data from Siemens energy, technology and transport businesses, according to an unsealed justice department indictment. Two other firms, Moody’s Analytics and Trimble, were also targeted.

All three are residents of Guangzhou and have been accused of using spear phishing emails to get access to the firms’ computer networks. Boyusec has been linked to a hacker group known as Gothic Panda, which in turn has been connected to the Chinese Ministry of State Security (MSS).

Of 116 “adversary” groups identified by Crowdstrike, the bulk of nation-state cyber-attackers are Chinese followed by Russia with 10, Iran with eight, North Korea with five and a smattering of others including Pakistan, India, Vietnam, South Korea and some middle east governments.

According to Crowdstrike, it is not just firms that have been targeted. One attack began when an employee at a think tank received a message ostensibly from a university professor hosting a series of webinars for students.
The employee was invited to join one of the webinars as an expert speaker on global politics and economics. The video-conferencing application they downloaded was actually a ‘Trojan Horse’ version of a legitimate desktop programme which planted malicious software in the think tank.

In its report, Crowdstrike said it had uncovered highly-sophisticated techniques by hackers to hide their tracks in attacks on universities, a target because of their valuable research financial and personal data resources.

“Academic institutions also have reputations for somewhat relaxed IT security procedures, providing adversaries with potential opportunities to easily build malicious network infrastructures to facilitate additional attacks elsewhere,” it said.

Investigators uncovered growing evidence of cyberattacks on NGOs working overseas, in one case watching a hacker returning to an NGO’s systems to “perform access maintenance” to ‘sleeper’ files it had planted in the organisation. China, which has been extending its worldwide influence particularly in Africa, was suspected of the attack because of the technology used but Crowdstrike said it had not been able to confirm it.

Crowdstrike warned criminal gangs were getting more sophisticated, adopting the more advanced tactics and techniques of nation-state hackers to plant malicious software for fraud or identity theft. It has also seen a surge in criminal gangs hijacking companies’ computers to use them to generate crypto-currencies, a trend attributed to the rise in the value of such currencies in the winter of 2017.

Jennifer Ayers, Crowdstrike vice-president, said her biggest fear was a destructive global cyberattack using ransomware like that which crippled the NHS in May last year. An alleged North Korean spy has been charged in connection with the attack.

“We saw it with the NHS where people had to resort to using pen and paper. You could easily take that to the next level where smart technology, power plants and power grids are affected. That’s why a destructive global attack with ransomware scares me the most.

“The world wasn’t prepared for ransomware. It took some days to recover but it took others months.”

Telegraph:           Sky

You Might Also Read: 

Russia Stands Accused Of Global Hacking Campaign:

 

« British National Cyber-Centre Thwarts Hostile Hackers
How Cyber Criminals Are Using Social Media To Hack Bank Accounts »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

4ARMED

4ARMED

4ARMED specializes in penetration testing, information security consultancy and security training

GovCERT.HK

GovCERT.HK

GovCERT.HK is the Government Computer Emergency Response Team for Hong Kong.

Cyber Fusion Center - Maryville University

Cyber Fusion Center - Maryville University

Maryville University Cyber Fusion Center is a virtual lab for working on real-world cyber security challenges.

Competence Center for Applied Security Technology (CAST)

Competence Center for Applied Security Technology (CAST)

CAST offers a range of services in the field of secure modern information technology and a contact point for all questions regarding IT security.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

OSIRIS Lab - NYU Tandon

OSIRIS Lab - NYU Tandon

The Offensive Security, Incident Response & Internet Security Lab (OSIRIS) is a security research environment where students analyze and understand how attackers take advantage of real systems.

National Cyber and Information Security Agency (NUKIB) - Czech Republic

National Cyber and Information Security Agency (NUKIB) - Czech Republic

NUKIB is the central Czech government body for cyber security, the protection of classified information in the area of information and communication systems and cryptographic protection.

NAVEX Global

NAVEX Global

NAVEX Global’s compliance management system consolidates your entire GRC program onto a scalable cloud-based platform.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

DMARC360

DMARC360

DMARC360 analyzes your email traffic patterns and sources, rapidly deploys email authentication protocols and monitors your email domains with automated recommendations and incident response.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.