IT security professionals can no longer assume events around the world won't affect their U.S-based networks, according to a new global threat report from CrowdStrike.
Attacks on Sony, Community Health Systems and Home Depot dominated 2014 headlines and corresponded with an overall proliferation of foreign attackers focusing their campaigns on U.S.-based enterprises, the report found. In particular, targeted intrusion activity to achieve nation-state goals continued to present issues for security professionals.
Adam Meyer, vice president of intelligence, CrowdStrike, stressed in an interview with SCMagazine.com that the current global economy requires IT security professionals to use both their knowledge of technology and world events to strengthen their enterprises' defenses.
“One of the keys things that the guys on the front lines need to be doing is relating what they're doing with the needs of the business,” Meyer said. “Take the information from the enterprise security personnel and use that to make effective business decisions “
For instance, if an enterprise decides to do business with a Ukrainian supplier or a Vietnamese shipping organization, it could make the company a target for cyber attacks, Meyer said.
The report found that Chinese actors were especially active this past year, and CrowdStrike observed an uptick in the usage of PlugX Remote Access Tool (RAT) malware to target countries surrounding China's sphere of influence, as well as U.S. entities.
PlugX could allow attacks to log keystrokes, modify and copy files, capture screenshots or videos of user activity and perform administrative tasks. It's often delivered through a spear phishing attack.
An Iranian group, Flying Kitten, also sent ripples through U.S. networks when it began targeting a company in a defense industrial base in the U.S., the report says. The group later expanded its efforts to target enterprises in the defense and aerospace sectors. Iran, Meyer said, could represent a larger portion of attacks in the coming months, namely as revenge for economic sanctions put against them.
More than anything, the report's variety of threat actors and tactics demonstrate a need for savvy IT security professionals, Meyer said.
“We're seeing the adversary get kicked out and come back in again and again and again,” he said. “You as a network defender need to really know that adversary. Understand their thought process and motivations, and use that to defend yourself.”
Successful businesses hire “cyber intelligence” professionals who think at a broader level about what attacks have been observed in the past and how they can be prevented in the future, as opposed to reacting as the attacks happen, Meyer said. This is increasingly becoming the best way to thwart complex attacks.