Shocking news came out this week when the U.S. announced that cybercriminals working for Chinese intelligence have been major players in the cyber warfare and ransomware epidemic plaguing US businesses, global corporations, and government entities.
The U.S. and its allies including NATO, the U.K., the European Union, Australia and Japan condemned the Chinese government for what they termed “malicious cyber activity” and, more specifically, they accused Beijing of the Microsoft’s Exchange server hack and resulting ransomware attacks launched earlier this year.
This might not seem like big news considering the long history of suspicion and assumed complicity by China in a multitude of cyberattacks. But the difference is a notable one. In the past, the U.S. has for the most part believed hackers employed by Chinese intelligence were going rogue as cybercriminals, while the government essentially turned a blind eye. The allegations this week however placed responsibility directly on the shoulder of the Chinese government.
And That’s a Big Deal.
China for its part has denied the allegations of state-backed hacking and cyber warfare, but the consensus is strong and, to be frank, nobody expects a mea culpa any time soon.
It is also interesting to note the different approach to cyberwarfare being driven by China versus that of the hackers operating within Russia’s borders. In 2016, the Kremlin took centerstage amidst the strong accusations of Russian “meddling” in the U.S. presidential elections. While the veracity of the claims is almost irrefutable, there has never really been accusations against Russia regarding state sponsored ransomware attacks. Instead, the general consensus is that the Kremlin gives cybercriminals “safe harbor” and, while not underwriting the attacks, certainly doesn’t mind the mayhem and cost to the U.S. government, businesses and the country at large.
In all likeliness, China really doesn’t have all that much interest in the monetary value of the ransoms – even the obscenely large payouts are pennies in comparison to the country’s massive budget. Instead, it is believed that China really thrives on the mayhem and destabilization caused by their state-sponsored hacks. In all likeliness, China’s engagement in cyberwarfare has been exacerbated by the increase in U.S. tariffs, our position on Taiwan’s sovereignty, and perhaps even as a diversion regarding COVID culpability. Sort of like a “you mess with us, we will mess with you” stance. The Russians on the other hand are more about using technology to wreak havoc on the U.S. government.
Let’s just say that if China and Russia were schoolyard bullies, China would be the kid poking sticks in the spokes of your bike, while the Russians would be the jerk who shoves you over the handlebars.
Cyber warfare is everywhere, but the lines tend to be blurry and less overt than, say, its nuclear counterpart. Just in the last few days, France is investigating whether Morocco hacked French President Emmanuel Macron’s phone. Pakistan has similar concerns regarding Israel-based technology company NSO Group using its Pegasus spyware to potentially hack a cellphone used by Prime Minister Imran Khan. Even the wife of murdered Saudi journalist Jamal Khashoggi was secretly targeted by Pegasus. And that is literally the tiniest tip of the gargantuan international hacking iceberg.
Conventional warfare is mostly overt. The Charge of the Light Brigade, the attack on Pearl Harbor, the Battle of Bunker Hill. If Russia or China shot down a U.S. aircraft tomorrow, the world would be on the brink of war. But cyberwarfare lines are much more blurry and attacks can sit dormant or unnoticed for months before rendering a target helpless. The new cyberworld order is a bit like a game of chess at this point – and the international players are all busy deciding their next move.
Businesses have never been more at risk from cyberattack as they are right now – and that risk trickles down to consumers due to the resulting threats to infrastructure, supply chain, and even access to healthcare.
The fact that the U.S. and its allies have taken such a strong position regarding China’s culpability in recent cyberattacks is a good starting point, but businesses need to take action to protect themselves.
In reaction to the recent Colonial Pipeline ransomware attack – and the potential for similar threats – the U.S. government is now calling on major pipeline companies to reinforce their cybersecurity and technology defenses.
In an effort to increase public awareness and cybersecurity preparedness, the U.S. is expected to publish a list of 50 tactics and procedures used by the Chinese state-sponsored cybercriminals when targeting U.S. networks, and will also likely include suggested technical mitigations and best practices.
Keep an eye out for our upcoming article in which we will review the list and discuss what it means to you and your business.
Stig Ravdal is the President & Founder of Ravdal, Inc., a leading cybersecurity company. He is an expert in the fields of cybersecurity strategy and technology solutions, and is available for speaking engagements.