Cyberespionage (also written cyber espionage) is a type of cyberattack in which an unauthorized user (or multiple users) accesses a victim’s sensitive information to secure financial, competitive or political gain. The primary targets of such attacks are government entities, large corporations and other competitive organizations.
Cyber criminals may use cyber espionage in an attempt to collect classified data, trade secrets or intellectual property (IP) from their victims. From there, cybercriminals can sell this information for profit, disclose it to other parties, or use it in connection with military operations, potentially threatening their target’s reputation and overall stability. Often, cyberespionage is spread across international borders by nation-state attackers.
In recent years, cyber espionage has become a growing problem, especially in some countries. In fact, the FBI recently reported that the United States currently faces a cyber espionage threat from China that is “unprecedented in history.” The FBI confirmed that the Chinese government, through advanced malware and hacking programs, has targeted nearly every sector of the U.S. economy and stolen more personal and business information from Americans than all other countries combined.
With this in mind, it is critical for businesses to understand cyber espionage and know how to effectively mitigate such incidents. This article provides a detailed overview of cyberespionage, outlines real-world examples of these cyberattacks, and offers key preventative measures businesses can implement to protect their operations.
Although cyber espionage often involves nation-state attackers, it is not interchangeable with cyber warfare. While cyber warfare is conducted with the intention of noticeably disrupting a target’s business or activities, the goal of cyber espionage is for the perpetrator to remain undetected by their victim for as long as possible, allowing them to gather maximum information. Nevertheless, the information gathered from cyber espionage operations can be used later in the midst of cyber warfare.
Any government or company can become a victim of cyber espionage. However, the US Department of Homeland Security reported that organizations in the US, UK, Japan, Russia, China and South Korea are particularly vulnerable. After all, these countries have high-income economies and advanced technological infrastructure, making them more attractive to cybercriminals.
When conducting cyberespionage, perpetrators can attempt to access a wide range of data from their targets, including:
- Research and development activities
- Critical organizational projects or IP (e.g. product formulas and blueprints)
- Financial information (e.g. investment opportunities, employee salaries and bonus structures)
- Sensitive stakeholder data
- Business plans (e.g. upcoming marketing, communications or sales initiatives)
- Political strategies or military intelligence
Cybercriminals can engage in a variety of tactics to carry out cyberespionage, such as:
- Exploiting security flaws in websites or browsers that a target frequently visits and infecting them with malware to compromise the victim’s technology (as well as any data stored on it)
- Using phishing scams (i.e., fraudulent emails, texts or calls) to steal credentials and gain unwanted privileges within a target’s network
- Impersonating employees or contractors and physically entering a victim’s workplace to steal hard copies of data or infect devices with malware
- Bribing actual employees or contractors to share a target’s sensitive information in exchange for payment
- Infiltrating another party in a victim’s supply chain and using that party’s digital privileges to compromise the actual target’s network
- Injecting various forms of malware (e.g., Trojans and worms) into updates from third-party software, hijacking a victim’s technology when those updates are installed
In any case, cyber espionage can lead to serious consequences for affected organizations. Worse, as cybercriminals’ tactics become more sophisticated, these incidents may become more common.
Examples of cyber espionage
Over the years, several large-scale cyber espionage incidents have occurred, including the following:
- The Microsoft Internet Explorer incident. Between 2009 and 2010, Chinese cybercriminals exploited a security vulnerability in Microsoft Internet Explorer to conduct cyberespionage against at least 20 international media and technology companies, including Google, Yahoo and Adobe. Google reported that the cybercriminals, later dubbed the “Aurora” attackers, stole intellectual property (IP) from the company and compromised numerous Gmail accounts.
- The US Office of Personnel Management (OPM) incident. In 2012, Chinese cybercriminals used malware to establish a digital backdoor within OPM’s network. For years afterward, the nation-state attackers used this backdoor to engage in cyberespionage, stealing personal information from more than 20 million Americans, namely those who worked or applied to work for the federal government. The backdoor remained undiscovered until 2015.
- The Sony Pictures Entertainment (SPE) incident. In 2014, a North Korean hacker group called “Guardians of Peace” launched cyber espionage against SPE in the months before the entertainment company released a film depicting the assassination of the nation-state’s leader. The cybercriminals used malware to compromise SPE’s network and publicly expose a significant amount of sensitive company data, such as employee personal data, email exchanges between staff, information about executive salaries, copies of unreleased films and plans for future films. The incident significantly affected the film’s release and received the attention of the US government.
- The SolarWinds incident. In 2020, the US government discovered that a Russian hacker group called “Cozy Bear” had conducted cyber espionage against several federal agencies and large organizations by infiltrating a common party within their supply chains. The hackers initially infected technology company SolarWinds’ network monitoring platform with malware before using that platform to access sensitive data and confidential emails from various US government departments and private organizations. The incident is estimated to have affected over 18,000 of SolarWinds’ customers.
Given these incidents and their associated fallout, it is clear that businesses must take steps to properly protect themselves against cyber espionage.
Cyber espionage preventive measures
Companies should consider implementing the following best practices to protect their business from cyber espionage:
- Train employees. Ensure employees receive training on cyber espionage and related prevention tactics. Specifically, employees should be instructed to never respond to messages from unknown senders, avoid interacting with suspicious links or attachments, and refrain from sharing sensitive company information online. Additionally, employees should be required to create complex and unique passwords for all workplace technology.
- Protect critical data. Review and update existing cybersecurity policies to ensure they promote maximum data protection. Implement new policies as needed (e.g. a Bring-Your-Own-Device policy and a data breach policy). Furthermore, encrypt all critical data and store it in safe, secure locations.
- Restrict access. Allow employees to access only the technology and data they need to perform their job duties. Require employees to use multi-factor authentication whenever possible.
- Utilize adequate software. Protect all workplace technology (and the data stored on it) with appropriate security software. This software may include endpoint detection tools, antivirus software, firewalls, network monitoring services, and patch management products. Review this software regularly for vulnerabilities and make adjustments as needed.
- Assess supply chain exposures. Assess whether providers have adequate measures to protect against network infiltration by cybercriminals. Consider including specific cybersecurity requirements in all supplier contracts and keep the amount of sensitive information shared with these parties to a minimum.
- Have a plan. Creating a cyber incident management plan can help ensure that necessary protocols are in place when cyber attacks occur, thereby keeping related damage to a minimum. This plan should be well documented, practiced regularly, and address a range of cyber attack scenarios (including cyber espionage).
- Buy proper coverage. It is crucial to secure adequate insurance to protect against losses that may arise from cyber espionage. It is best to consult a trusted insurance professional to discuss specific coverage needs.
Are you worried about your company’s cyber risk? We are here to help.
Ultimately, cyber espionage is an urgent problem that businesses must take seriously – especially as cyber threats from nation states continue to increase. By understanding cyber espionage and implementing adequate prevention techniques, companies can effectively protect themselves against these incidents and minimize associated losses.
If you’d like additional information and resources, we’re here to help you analyze your needs and make the right coverage decisions to protect your business from unnecessary risk. You can download a free copy of our eBook, or, if you’re ready to make Cyber Liability Insurance part of your insurance portfolio, request a quote or download and complete our Cyber & Data Breach Insurance Application and we’ll get started for you.