Chinese Cyber-Attacks Came Through New IE Flaw

Security vendor McAfee says the attack that prompted Google’s threat to leave China actually used a new zero-day Internet Explorer flaw

Adam Vincent, CTO for the public sector team at Layer 7 Technologies, said the incident proves the industry must continually scrutinise public cloud security procedures as well as those for its own internal network.

“People are already concerned about cyber-security; however, incidents like this one, from a purported government entity, bring a whole new dimension to cyber-security—one where corporations must not only protect themselves from malicious adversaries on the Internet but from well-organised and funded government organisations,” Vincent said.

The Chinese government has been at the center of numerous allegations of cyber-attacks and spying targeting the United States.

One of the most well-known examples from 2009 is the infamous GhostNet, which was believed to have infiltrated political, economic and media organisations in more than 100 countries before it was discovered in March. There were also allegations last year that the Chinese government was involved in attempts to hack the US electric grid as well as the Pentagon’s $300 billion Joint Strike Force. China denied involvement in both attacks.

All this raises the question of how US government and business officials should respond.

“From a policy standpoint, the United States should drive new standards in email protocols that do not allow for such attacks to exist,” said Sean Sullivan, security advisor for North American Labs at F-Secure. “The system has long been considered flawed, but the investment to fix it is considerable. Businesses with sensitive information to protect should consider the costs of allowing any attachments through their e-mail gateways. There are other alternatives.”

People should not be surprised that any government is spying on another, but what is unique about this incident is its scale, said Eli Jellenc, head of international cyber-intelligence at VeriSign’s iDefense Labs.

“It has always been our presumption that attacks would reach this scale and level of sophistication at some point, but many of us did not believe it would be this soon or this brazen … The basic method of the attacks [is] well known to us and common for Chinese corporate and strategic spies, but the level of organization and planning necessary to execute a concerted attack campaign of this complexity marks a major increase from what we’ve seen in the past,” Jellenc said.