Cyber threat hunting: combatting the new face of espionage


What do you think of when you imagine the world of industrial espionage? If it is undercover agents trying to recruit a mole or cracking safes to steal sensitive information, then you’ve probably been watching too many outdated films. The game has certainly changed.

The key elements to espionage and combatting it remain the same; the bad guys are still after data and it’s the good guys’ job to catch them. However, the contemporary battle is fought with keyboards and software rather than dead-drops and balaclavas.

As technology has become more sophisticated, the battlefield has increasingly shifted from the physical to the digital. With cyber war now being fought on a global scale, there is more onus on security than ever, and too many organisations are not taking the threat as seriously as they should.


It’s not a case of simply accessing an organisation’s sensitive data any more, but literally shutting down cities, or even a nation’s critical infrastructure. The scope of the threat is only likely to grow as the path towards digitalisation continues. It is no longer enough to defend and react if you are breached. Taking a ‘bad-guy’ approach is a massive step forward when tackling your attackers in the world of cyber-espionage.

Where are the threats coming from?

The first step toward this is understanding where threats are coming from. When cybercrime first hit the scene, it initially saw stand-alone criminals working toward their own, personal agendas. Those days are over, and nation-states have wised up to the potential benefits of digital warfare and cyber-espionage. Many countries are now actively recruiting hackers, and examples of this are prevalent every day – from China’s army of hackers, to Ukraine’s power grid being taken down by Russian cyber spies.

The U.K. and U.S. employ such tactics as well – Edward Snowden before the whistleblowing days comes to mind. For the hackers involved, the resources available as a result of state-backing are an incredibly attractive draw, providing an injection of equipment and cash that enables them to evolve their techniques rapidly.


Understanding the source can give you a much better chance of discovering the motive. The reason a state actor is attacking you might be entirely different from that of someone operating of their own accord. These reasons can range from trying to gain a competitive advantage, to disrupting a system or location – as with the Ukrainian power grid hack mentioned earlier. The motive of an attack can often tell you a lot about the method, and vice versa. Hence, if you know the method, you can understand the target, and if you know the target you may have a better grasp of the method most likely to be used to infiltrate it.

Cyber-spy hunting

When looking for the motive, you must be able to think like a hacker. Catching criminals doesn’t happen by accident, and putting yourself in their shoes enables you to get a clearer picture of what their movements may be. Putting this into practice is imperative, not only in the aftermath of a breach, but in protecting yourself from one in the first place. If you can get into the mind-set of a hacker, you can actively seek out your own vulnerabilities, understand what tactics might be used to gain entry, and what data can be accessed using those methods.

In contemporary society, the methods have grown concurrently with the technology. Techniques such as ‘spear phishing’ have benefitted hugely from the advent of social media. Platforms such as LinkedIn have given cyber-spies the ability to stalk employees online and learn enough about them to make a convincing approach and recruit them as an unwitting mole in their organisation. Taking advantage of the naivety of human actors and the vulnerabilities that employees pose to their organisation’s security is becoming commonplace in cyber-espionage.


Having knowledge of the potential techniques that a hacker might use can provide an invaluable weapon when fighting back against cybercriminals. A near constant gathering of information is the key to success here. You must have as many external sensors as you can, and participate in a vocal community that is sharing information.

Effectively, you are putting as many eyes and ears out there as you can – creating blanket surveillance of your systems and vulnerabilities – like covert agents. This visibility makes it easier to see attacks coming, and where your enemies will look to strike. You can then put up as many trip wires around these areas as possible. Hackers are constantly looking for the shortest and easiest route to the ground, and consistently being able to increase this distance is a sure-fire way to put them off.

Taking a proactive approach to security is often the most effective way of protecting yourself. The sentiment “the best defence is having a good offence” really does ring true here. By taking the fight to attackers, you can stop them in their tracks and prevent breaches at the source.

With more sophisticated methods being used, and a greater volume of attacks, having a strong force is mission critical. Now is the time to start thinking like a bad guy and fight back.


Sourced by Eric O’Neill, national security specialist, Carbon Black


Nick Ismail
