Last week, the New York Times reported that just three months after hackers working for the Chinese People’s Liberation Army went dark, they’re back at it again, targeting countless American companies and government agencies. The group is responsible for many high-profile breaches – from Coca-Cola to RSA to Lockheed Martin. While many of us were not surprised by this recent resurgence of attacks, it is very troubling to note that “the victims were many of the same ones the unit had attacked before.”
So they’re back in. What’s the problem? I don’t think it’s for lack of trying. Certainly among our enterprise customers, everyone is heavily invested in the latest advanced threat tools and sophisticated security analysis and incident response teams. And I don’t think it’s because the Chinese have better attack tools. Our research indicates that their weapons are generally no more (or less) sophisticated than those of other criminal enterprises around the world.
It’s been widely noted that Chinese cyber attackers primarily target enterprise organizations for their trade secrets, collecting intellectual property for competitive advantage. They're not motivated by mindless pranks or feats of technical know-how – instead they’re highly focused and incredibly persistent. If you detect and shut down an attack, they are already coming after you with different attacks. Furthermore, they learn from failed attacks to improve their methods.
The Chinese, among others, continue to show that persistence pays off. By some estimates, 95 percent of enterprise networks are already penetrated. Once inside, attackers have been known to spend months, and even years, hiding out. This is when the damage is done – during the attack dwell time.
Clearly, evolving our defenses for better threat detection is not enough. We need to engage attackers inside the perimeter to reduce attack dwell time.