A new report by security provider CrowdStrike details the investigation of more than four dozen groups believed to have orchestrated the most sophisticated espionage campaigns in 2013, some of which targeted energy and technology firms, while others focused on foreign diplomats through watering hole attacks.
The company’s Global Threat Report looked at the techniques and tools employed in the attacks, the majority emanating from Russia, China, Iran, India, and North Korea, which are believed to have resulted in the loss of sensitive information and intellectual property.
The report specifically calls out Russia for its role in economic espionage operations targeting American, European and Asian energy producers, defense contractors, technology companies and government agencies.
“These attacks appear to have been motivated by the Russian government’s interest in helping its industry maintain competitiveness in key areas of national importance,” CrowdStrike’s Dmitri Alperovitch told Reuters.
The report also singles out Chinese actors for an unprecedented series of malware infections targeting foreign embassies by way of watering hole attacks through compromised websites and spear-phishing operations employing tainted documents in emails.
“Spear phishing is still the most common delivery mechanism for targeted intrusion operations; however, the frequency of SWC operations is increasing,” the report states. “CrowdStrike believes that this tactic will remain popular among targeted intrusion adversaries, and its use will likely continue to increase in frequency.”
In the following video interview from the Black Hat Conference in 2013, Dmitri Alperovitch (@DmitriCyber) – Co-Founder and CTO at CrowdStrike – discusses the application of offensive security and active defense.
“We started thinking about this new concept of active defense, and it’s really all about how do you raise the cost and risk to the adversary, how do you use detection capabilities that are focused on trade craft as opposed to specific indicators to find the attacker,” Alperovitch said.