What is cyber espionage?
Illegal cloak-and-dagger operations have been a part of politics and business for centuries. It’s not just governments spying on each other; corporate espionage – the theft of a company’s secrets – has grown ever more sophisticated and effective. Stolen data can be incredibly valuable, and just as damaging for the victim.
As corporations move their activities online, these illicit practices have evolved. Sensitive information is kept in secure databases and on private cloud storage. While there are many advantages to these new systems, they’re far from impregnable.
Cyber espionage: national vs. corporate
Cyber espionage (not to be confused with cyberstalking) often involves breaking into databases and digital spaces to acquire private data. The stolen information can then be used by rival companies or nations, or sold to the highest bidder.
There are two primary targets for cyber spies – corporations, and governments.
- Governments – In recent years, cyber spies have become a key threat to national security in most countries. Many governments around the world have blamed China for hacks as recently as 2020. Cyber espionage is not to be confused with cyber warfare, although the two usually run in tandem. Even in peacetime, nations that cooperate and trade with each other have been known to use these methods.
- Corporations – Businesses are increasingly at risk from cyber espionage, with spies attempting to steal financial information, private patents, and more. Covertly accessing a competitor’s data has some obvious benefits for the attacker, and the leak of stolen information can reflect badly on the victim, damaging brand reputation and consumer trust.
Different forms of corporate cyber espionage
- Malware and viruses
An attacker can use malware to exploit weaknesses in a system, track activity on a device, and spy on a user’s passwords. A malicious program can be delivered through a variety of channels, often without the victim even realizing that their device is infected. From spear phishing emails to malvertising redirects, cyber spies can force their malware onto a company device or server to gain the access they’re looking for.
- Attacking unsecured devices
For most corporations, their employees are the first line of defense against cyber espionage. Their personal and work devices can be attacked and used to access a larger network. With an increasing number of remote workers relying on unsecured Wi-Fi hotspots outside of the office, it’s no challenge for an attacker to hack the connection and spy on their activity.
- Cracking passwords
Cracking passwords is easier than many internet users realize. Most people choose simple passwords that can be cracked in just a few seconds. If a hacker cracks the password of the right employee, they could quickly access a range of sensitive information or launch further attacks using the compromised account. Strong passwords are paramount.
- Direct hacking
Hackers can also attack databases, cloud storage, and internal systems directly. This risk becomes much more serious when a business is slow to update its software. If an organisation or its employees forget to regularly download the latest security patches for their operating systems, they leave themselves vulnerable to extortion and spying.
Cyber espionage cases
Operation Aurora
In 2010, a wide-ranging cyber espionage operation was launched against over 20 different corporations, including tech giants like Google and Yahoo. Although the organization behind the case – dubbed Operation Aurora – was never officially identified, it’s widely believed that China was to blame. The cyber spies used weak spots in Internet Explorer to hack user accounts and steal swathes of intellectual property, in a pattern that has been repeated many times since.
Operation Shady RAT
2006 saw one of the most extensive examples of cyber espionage to date. Using malware delivered through email links – referred to as RATs – spies targeted 70 separate organizations. Among them were the United Nations and the International Olympic Committee. Huge amounts of sensitive data were stolen, and while the culprits are still unknown, it’s telling that China was the only southeast Asian country where no attacks occurred.
The GhostNet Mystery
Another high-profile cyber espionage case surfaced in 2009, with the discovery of GhostNet. By the time it was noticed, this mysterious network of cyber spies had already targeted over a thousand devices across the globe. From Germany to South Korea, embassies, government offices, and high-ranking officials had their files stolen. To this day, we still don’t know for certain who was behind GhostNet.
How to prevent cyber espionage
Despite the growing sophistication of cyber espionage strategies, there are still actionable ways for companies to protect their data. Here are six steps that you can take today to limit the risks.
- Ensure that employees use a VPN
Make sure all your employees are using a reliable VPN. This service will encrypt the browsing data of a connected device, making it even harder for someone to access the company’s files through a single entry point. Rolling out NordLayer across employee hardware can limit the damage of a hack and improve secure communication channels within the network.
- Implement an Endpoint Security system
Every connected device could pose a threat to your organization, from internal servers to employee phones. Competitors can exploit an unsecured endpoint to gain access to password protected data elsewhere within the company. It’s crucial to know how and why to implement a company-wide endpoint security system.
- Use backup and encryption
Always back up your most sensitive data and keep it encrypted. This way, even if something happens to your main database, you’ll still have your backups. Encryption adds an additional layer of protection because even if someone manages to get their hands on your files, they won’t be able to read, corrupt, or sell them online. Try looking for a cloud storage provider that offers strong encryption as well – like NordLocker.
- Keep software updated
When operating systems and software aren’t updated regularly, they can become vulnerable to attacks. Malware and viruses will often try to exploit the weak spots caused by outmoded systems and browsers. It’s an essential part of best practice to install all available security updates on any company hardware, wherever it’s located.
- Keep your databases segregated
A cyber espionage attack will always be more damaging if all of a company’s sensitive information is stored in one place. Keeping different datasets across a range of segregated digital storage spaces will limit how much a spy can steal in one operation. Even if a database or endpoint device is compromised, the damage can still be mitigated.
- Password protection
With brute-forcing programs available online, it’s never been easier to crack a password. Employees should be made aware of the risks they run by using weak or duplicated login credentials for personal and work accounts. To buttress cybersecurity within an organization, invest in a NordPass password manager for all workers.