Chinese Espionage is Back on Track: What Businesses Need to Know

Cyber espionage is rife, and executives need a plan. Dan Schiappa takes a look at how organisations can batten down their cloud hatches

The stakes just got higher in the world of cyber espionage.

A vulnerability in Microsoft’s cloud security has enabled Chinese hackers to breach government emails and maintain their access for more than a month, raising new concerns about the offensive cyber capabilities of foreign adversaries and the sanctity of cloud computing as a concept. Despite the severity of the attack, business leaders shouldn’t make any rash decisions around cancelling their cloud migration.

As an industry, we shouldn’t blame Microsoft for this attack. It’s something no security company is immune to. The Chinese state-sponsored attackers, identified as Storm-0558, were able to gain access to roughly 25 organisations, including some government agencies, through forged authentication tokens used to verify a person’s identity. They exploited a vulnerability identified by the US government and subsequently patched and remediated by Microsoft.

State-sponsored and targeted attacks like this can persist for extended periods without running out of financial or technical resources. It’s unsurprising that a tech leader was used as the entry point, even with the most cutting-edge security at its disposal.

Should businesses be worried about espionage?

Realistically, this won’t be the last headline-making story of this nature. We’ve been warning of a surge in Chinese state-sponsored activity in the cybersecurity community for a while now as the domestic and geopolitical tensions with China continue to rise. It is important to remember that Chinese threat activity is not financially motivated. Instead, it focuses on spycraft, which lends itself to long-term, undetected attacks.

“We’ve been warning of a surge in Chinese state-sponsored activity for a while now”

It’s important to look at the big picture of this incident, with the backdrop of the current technology race between China, the US and Europe, particularly with the rise of AI. Its critical research, development, and government data are protected from prying eyes as AI becomes the new battlefield for the tech cold war.

Businesses need to take their cloud security more seriously. Although the average company is likely more concerned about financially motivated ransomware gangs like Clop, it’s important to remember the ever-present issue of supply chain attacks, where criminals use smaller companies as stepping stones to larger, more valuable targets. An unassuming third-party vendor could be a vehicle of intrusion and intelligence gathering for businesses with government contracts or relationships with those involved with bleeding-edge technology research or military-grade operations. History has shown these types of attacks to be devastating. SolarWinds in 2020, for example, compromised the data of thousands of businesses and government agencies through a supply-chain attack.

How should businesses respond?

The lesson business leaders should take away from this isn’t to immediately switch to a private cloud. Instead, they should continue using their public cloud but work with security experts to help secure cloud infrastructures.

State-sponsored attack techniques can change almost overnight, so keeping up with the latest tactics by purchasing new security tools every week is neither effective nor financially sound.

“AI becomes the new battlefield for the tech Cold War”

Rather, businesses should understand their defences are only as strong as their least security-aware employee and seek to improve their security as an organisation. A great way to do this is to invest in a cyber insurance policy, which can provide support in the event of an incident and help set organisations on a formal path to better cyber posture. Introducing basic security controls like multi-factor authentication (MFA), proper password policies, and working with an in-house or external security operations centre to achieve 24/7 monitoring can also shore up an organisation’s defences.

Finally, patching even the smallest vulnerability and enforcing a culture of security across all users, particularly as forged authentication tokens and stolen credentials run rampant on the dark web, can be the difference between an incident and a close call. Leaders, meanwhile, should lay the groundwork for the best operational security practices by conducting tabletop exercises, phishing tests and mandating security awareness training for all employees, from top to bottom.

Even if a business is not the intended target, leaders must be aware they could be the vehicle of nefarious activity, be it financially motivated cybercrime or cyber espionage. Between the conflict in Eastern Europe and rising cyber tensions with China, leaders must keep a close eye on their security practices and ensure they are in the best position to protect their customers and networks.