How to protect ourselves from Chinese cyberwarriors

Users are the first line of defense, and might have stopped the attack. Technology could have done more, if companies had it.

Better user education might have played a role in stopping the apparent Chinese cyberattack on American businesses. Once targeted employees clicked on a link in an e-mail or instant message, however, most current security technology was defenseless.

"Companies are not prepared for nation-states attacking them in cyberspace," said Dimitri Alperovitch, Vice President of Threat Research at McAfee, Inc.

The U.S. today said it will file a formal protest with the Chinese government over the alleged attacks.

At the time I spoke to him late yesterday, Alperovitch said he had not "had any sleep in 48 hours" while working as part of his company's team responding to the incident.

"It was an incredibly sophisticated attack," Alperovitch said, cautioning that it had still not been positively confirmed as having originated from China, as Google has alleged and is widely believed.

Government and certain contractors have previously been subject to such attacks--and have protected themselves against them--but most businesses lack such sophisticated protection.

While refusing to name or even offer a number--Google says 20--of companies involved, Alperovitch said all were large businesses whose names would be immediately familiar to most readers.

Most of the companies did not know they'd been attacked until they received a call from someone involved in the response to it.

While much of the news coverage has focused on attempts to hack the Gmail accounts of Chinese human rights activists, most of the attacks were industrial espionage, aimed at gathering valuable intellectual property from the targeted companies.

"A tremendous amount of work was done (by the attackers) in advance," Alperovitch said, citing the targeting of specific individuals, the discovery of a previously unknown method of compromising Internet Explorer, the development of program code for the exploit, and the effort made to prevent discovery of the attack and cover its tracks.

The attack began when targeted employees received an e-mail or instant message containing a link that, when clicked, delivered malware to the user's machine. Had the users not clicked the links, the attack would have been stopped.

The basic advice--if you are not 100 percent sure, don't click--seems to apply.

However, if the adversary is able to learn enough about specifically targeted individuals, it is possible to create a phishing link that would be very difficult for the targeted user to identify or for software to block.

"Not a single security vendor had anything on it," Alperovitch said.

Previously used technologies are defenseless. Those that rely on various types of signatures or databases work only for attacks that are widely distributed. Sophisticated attacks, such as this incident, may never be seen "in the wild" and so never find their way into traditional anti-malware applications.

(Now that the Chinese attack has been discovered, its signature has been added to commercial anti-malware applications and Microsoft is preparing a protective patch for Internet Explorer. Of course, the damage is already done and the original attacker is unlikely to use the same specific method again.)

In order to prevent future attacks, businesses need to adopt security technology that looks for the telltale signs that sophisticated malware presents.

McAfee and other vendors have developed such technology for government and high-security customers. In this case, it would have looked at the file being downloaded and noticed, among other things, what its authors had done to obfuscate its true purpose.

Prevented from running, the code would have been rendered harmless and administrators warned of the attempted attack.

This technology has only recently become available to commercial customers, Alperovitch said.

It is probably true that attackers--if they are well-motivated and well-funded, as state-sponsored attacks would likely be--will always have a bit of the upper hand over defenders.

If there is a bright side to this current incident, it is that we've been alerted to a real and present danger and that protective steps are available.

Our willingness and ability to invest in them remains to be seen.

David Coursey has been writing about technology products and companies for more than 25 years. He tweets as @techinciter and may be contacted via his Web site.


David Coursey

PC World (US online)