Have State-Sponsored Hackers Infiltrated Your Network?
U.S. officials—with the help of a few reporters—revealed earlier this month that Chinese hackers had broken into U.S. government servers and run off with the records of 4 million federal workers. This incident was not the first data breach blamed on China and it surely won’t be the last. Far from it. In fact, the targeted U.S. agency, the Office of Personnel Management, had suffered a breach at the hands of Chinese hackers less than 12 months before the latest breach.
State-sponsored hackers today don’t just seek military or political information, but also business secrets in order to conduct economic cyber-espionage. They steal intellectual property and business plans and provide them to Chinese state-run businesses to outwit their foreign competitors.
Chinese hackers are also allegedly amassing a giant database of U.S. government workers as well as its rank and file citizens. Consultants brought into investigate the Anthem data breach, which exposed 80 million customer records, believe that China was behind the breach or at least linked to the breach. In addition to Anthem, Chinese attackers stole the personal data of 4.5 million users of Community Health Systems.
Researchers speculate that China may simply be gathering data for intelligence purposes or using the data to help streamline their spear phishing and Advanced Persistent Threat (APT) efforts. Regardless of their motives, the Chinese government is not alone. State-sponsored attacks from Russia, North Korea, and other countries have also resulted in costly, large-scale breaches.
U.S. Government Response: Batten Down the Hatches to Prevent Future Attacks
U.S. officials have taken note of the threat imposed by cyberattacks. The FBI regularly issues industry alerts, such as a private notice distributed to healthcare providers warning them that “The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.”
In June, the U.S. government took its response public, announcing a 30-day “cybersecurity sprint,” and instructing federal agencies to beef up their cyber defenses. In a White House blog post, U.S. CIO Tony Scott states that “Technologies and systems of the past cannot keep pace with rapidly evolving and persistent cyber threats.” Federal agencies, according to Scott, must take a number of steps to further protect Federal information.
Specifically, the fact sheet advises federal agencies to:
- Immediately deploy indicators provided by the Department of Homeland Security (DHS) that can help detect malicious cyber activity.
- Patch critical vulnerabilities without delay.
- Tighten policies and practices for privileged users.
- Dramatically accelerate implementation of multi-factor authentication, especially for privileged users.
See Tony Scott’s blog post for detailed descriptions of these requirements. These guidelines will undoubtedly improve security and foil many types of attacks.
How A10 Networks Can Help Keep State-Sponsored Hackers Out of Your Network
State-sponsored hackers are well-resourced and persistent. They have the manpower, the time, and the advanced tools needed to penetrate the most secure networks in the world.
Building up the defenses to stop state-sponsored hackers is not easy. Organizations must bolster both security processes and technologies to identify and stop attacks. Following the guidelines set forth in the 30-day cybersecurity sprint is a good starting point. But many organizations may need to implement additional controls to stop state-sponsored hackers.
Organizations can begin by assessing their IT assets and locating sensitive data. Then they should identify risks and remediate vulnerabilities. They should also deploy security tools like intrusion prevention systems, data loss prevention products, and forensics tools to identify or proactively stop attacks. They should also securely authenticate users—as described in the cybersecurity sprint guidelines—and encrypt sensitive data in transit and at rest.
Here’s how A10 Thunder Application Delivery Controller (ADC) can help:
- Two thirds of Internet traffic will be encrypted in 2016. State-sponsored hackers, such as one of China’s “APT1” hacking initiative, leverage encryption to evade detection. Network-based security solutions need to inspect all traffic—not just traffic that is sent in clear text—in order to detect threats. Thunder ADC, with its high-performance SSL Insight technology, can intercept and decrypt SSL traffic, allowing third-party security devices to detect state-sponsored attacks hidden in SSL traffic.
- Thunder ADC offers secure authentication with its Application Access Management (AAM) feature. Supporting authentication methods such as client certificates, RSA SecurID, RADIUS, LDAP, SAML, and more, Thunder ADC can secure web applications and prevent attackers from bypassing user access controls.
- State-sponsored hackers may try to exploit application vulnerabilities to gain access to web servers or steal records from databases. With its integrated Web Application Firewall, Thunder ADC can block exploits and keep application data safe.
- Government spy agencies have access to telecommunications networks and can intercept traffic. The Edward Snowden revelations showed that the N.S.A. was able to capture data sent over the Internet. Organizations should assume that many other governments also can intercept communications over public networks. Therefore organizations should encrypt sensitive data sent over the Internet. Thunder ADC’s IPsec VPN feature helps organizations encrypt traffic at extremely high speed.
Organizations need a wide array of technologies to identity and stop state-sponsored attackers. A10 Thunder ADC can solve several of the most challenging security requirements and can do it at scale—without impacting application performance or slowing down users.
 From a notice distributed by the FBI to healthcare providers in April 2014, according to Reuters
 “Global Internet Phenomena Spotlight,” Sandvine, April 30, 2015
 “APT1: Exposing One of China’s Cyber Espionage Units”, Mandiant