For the last year or so, the cybersecurity world has prepared itself for Russian strikes intended to cripple its victims. Disruptions to the global food supply, the energy sector, and other critical infrastructures have all been attributed to nation-state-grade attacks stemming from the Russian bear.
In the world of cyber threats, Russia is the alpha, beating its chest and going after targets with ransomware and malware. This perception has intensified since the Ukrainian invasion. Cybersecurity experts have cautioned against future attacks targeting the West’s critical infrastructure and financial sectors.
In the meantime, China is hiding in plain sight. It eschews the glitzier ransomware and large-scale statement attacks that define Russian cyber aggression. It’s sneakier, targeted, and incredibly formidable. The threat posed by China and its state-sponsored threat actors is specific and requires a different security approach.
China Gets Back in the News
When U.S. House of Representatives speaker Nancy Pelosi visited Taiwan in August, she spawned a record number of cyberattacks against her host country. Government agencies and state-run transportation services experienced DDoS attacks, while hackers took over television screens at retail shops and displayed messaging intending to intimidate residents.
The cyberattack operation didn’t cause much damage but did serve to bring attention back to China’s cyber activities. And it does have experts discussing whether China or Russia poses the more significant threat. Rob Joyce, Director of Cybersecurity for the U.S. National Security Agency, told the RSA Conference audience in June that China is a long-term threat. He compared Russia to an unpredictable, destructive hurricane that causes significant and immediate damage. China is like climate change, which isn’t felt but poses a long-term existential threat.
A Different Type of Threat
At this point, China primarily uses its cyber skills to steal intellectual property. It’s far less interested in Russian-styled disruption and more interested in bringing stolen technology to China.
According to the Wall Street Journal, FBI Director Christopher Wray told business leaders in London, “The Chinese Government is set on stealing your technology – whatever it is that makes your industry tick – and using it to undercut your business and dominate the market.”
Victims of Chinese attacks don’t find themselves facing frozen screens demanding ransom payments. They often don’t even know their systems have been compromised until it is too late. For example, the U.S. military discovered that phenomenon back in 2011, when China released comber jets that bore similar designs to those of the F-35.
This past June, a Cybersecurity & Infrastructure Security Agency alert advised businesses to ensure that all software applications and operating systems used the latest versions and were patched as soon as possible. According to the CISA, “Since 2020, PRC state-sponsored cyber actors have rapidly conducted widespread campaigns to exploit publicly identified security vulnerabilities. This technique allowed the actors to access victim accounts using publicly available exploit code against VPN services or public facing applications—without using their own distinctive or identifying malware—so long as the actors acted before victim organizations updated their systems.”
Does China Have a Target on Your Back?
In 2015 China released Made in China 2025, the government’s ten-year plan to update China’s manufacturing base. It was the first part of a three-step transformation strategy intending to turn China into the world’s leading manufacturer by 2049.
The plan lists ten key sectors:
- New information technology
- High-end numerically controlled machine tools and robots
- Aerospace equipment
- Ocean engineering equipment and high-end vessels
- High-end rail transportation equipment
- Energy-saving cars and new energy cars
- Electrical equipment
- Farming machines
- New materials, such as polymers
- Bio-medicine and high-end medical equipment
Organizations in these industries or doing business with such companies should assume there is a target on their back.
Protecting Against the China Threat
According to HolistiCyber CEO Ran Shahor, companies facing nation-state-grade aggression from China have one advantage over Chinese Hackers – they know what China is looking for and can build sophisticated protections to ensure security. These organizations must prepare for data-loss prevention, exfiltration detection, and deception technologies.
Enterprises must focus on applying advanced protections for systems that house intellectual property. Those steps include network segmentation and enhanced monitoring to identify and stop underway attacks.
Chinese cyber attackers do not rely merely on phishing to gain access. Instead, they play the long game, waiting for vulnerabilities to open, striking quickly, and searching for unknown zero-day vulnerabilities. In 2020, they exploited two known vulnerabilities; in 2021, that number jumped to 12, and their abilities are only getting stronger.
In addition, organizations should apply countermeasures and deception techniques to make it annoyingly difficult to get to their crown jewels. Keeping attackers busy attacking decoys, fake databases, or expired data is a great way to make attackers go after lower-hanging fruit elsewhere and protect critical assets.
Protecting assets and keeping them out of the hands of the Chinese government requires a solid cybersecurity approach and ongoing commitment to maintaining a line of defense. Threat modeling is an excellent place to start, where the organization identifies its critical assets and relevant threat actors.
Using the map as a guide, organizations should develop a security plan that offers the best approach to dealing with the threats they face. As Chinese threat actors are looking to access and steal IP, companies should use solutions that isolate internet-facing services in a network demilitarized zone to reduce the exposure of the internal network. Security teams should monitor logs carefully for anomalies in user behavior and access and immediately remove or isolate any devices that are suspected to be compromised.
HolistiCyber can help prepare and secure organizations’ networks from Chinese infiltrations. Our consultants develop cybersecurity defense plans, map vulnerabilities, and create security programs to prevent nation-state-grade attacks from Chinese threat actors.
Learn more about our services. Contact us today!