Case studies

Global Cyber Executive Briefing

High technology

The high tech sector is often ground zero for cyber-attacks. One obvious reason is that these organizations have very valuable information to be stolen. However, another more subtle reason is the nature of high tech organizations themselves. High tech companies – and their employees – generally have a higher risk appetite than their counterparts in other sectors. Also, they tend to be early adopters of new technologies that are still maturing and are therefore especially vulnerable to attacks and exploits. For example, employees in high-tech are more likely to use (and self-administer) cutting-edge mobile devices and the latest mobile apps, which might not be secure. In addition, many high-tech organizations have open environments and corporate cultures that are designed to stimulate creativity and collaboration, but are more difficult to defend. As a result, high-tech organizations typically have a very large attack surface to protect.

Just as important, some parts of the high-tech sector provide an attack path into other sectors, since high-tech products are a key infrastructure component for all kinds of organizations. Technology is a key enabler, but it can also be a key source of vulnerability. For example, because of the tremendous need to establish trust on the internet, attacks on certificate authorities have caused serious privacy breaches across a number of industries (case #1). Also, vulnerabilities in point-of-sale systems have led to major security breaches for retailers, and back doors in communication hardware have exposed organizations in every sector to a wide range of attacks.

Speaking of back doors, the growing involvement of covert state actors in this area has been making headlines recently, causing serious reputational damage for the organizations involved.

For companies in the high-tech sector, one of the biggest threats is loss of intellectual property (IP). Having IP lost or stolen after years of investment can dramatically reduce an organization’s competitive advantage (case #2, which involved both IP and personal information). States and competitors are often the actors in IP theft; however, insiders are also a major threat. A single highly skilled insider with the right kind of access can quickly make off with huge amounts of valuable data.

Since many high-tech companies also offer online services, loss of customer information is another major threat, and a highly visible one, since many countries require disclosure when personally identifiable information is lost. However, IP theft might actually be more prevalent. It’s hard to know for sure based on media coverage, since there is generally no requirement to disclose lost IP.

Hacktivism is another significant threat in this sector. High-tech companies create products that technically savvy people are keen to “hack” in the original sense of the word, which means using something for a purpose other than what it was designed for. Organizations that prosecute or sue people for this type of “hacking” may find themselves targeted by hacktivist groups, which can lead to great financial losses and reputation damage (case #3).

Fraudulent certificates lead to bankruptcy and a national security breach

Organization

A certificate authority that signs security certificates for organizations globally.

Scenario

The internet is based on trust, and certificate authorities are at the heart of this trust. Hackers with ties to a foreign government obtained illegal access to the certificate authority’s servers and used that access to generate fraudulent security certificates. These certificates were then used to enable fraudulent servers posing as the original servers belonging to widely used web services. This allowed the attackers to perform man-in-the-middle attacks, possibly intercepting and decrypting a tremendous amount of confidential communications.

Attackers and motivation

The individual who claimed the attack said he was driven by political beliefs. However, the way the fraudulent certificates were used, and the fact that the attack took place over a relatively long period of time, suggest that state actors were also involved.

Techniques used

Apart from known hacker tools, some very complex attack scripts were used that were specifically developed to attack the certificate authority in question.

Business impact

The hackers generated more than 500 fraudulent certificates, which were then used to perform man-in-the-middle attacks against many well-known global services. The certificate authority could not guarantee revocation of the fraudulent certificates, which was completely unacceptable given that the organization’s sole reason for existence is to provide certification that is 100% trustworthy. The certificate authority declared bankruptcy shortly after the breach was made public.

Case 1

Leading software company loses face – along with customer data and source code

Organization

A large software vendor that sells software globally, with more than $1 billion in annual revenue.

Scenario

Hackers infiltrated the company’s network and downloaded more than 100 million encrypted user credentials, along with credit card information for millions of customers. In addition, the source code for a number of key products was stolen.

Attackers and motivation

No one has claimed the attack, and information about the attackers is not publicly known. However, given the type of information stolen, it is likely this was the work of an organized group of cybercriminals aiming to use the stolen credentials for identity theft and to sell the stolen source code for financial gain. Also, since the stolen source code was for a widely used application, it’s possible that the application itself will be used as an attack vector, since finding vulnerabilities is much easier with the source code in hand.

Techniques used

The company’s Chief Security Officer described the attack as “sophisticated”. Other than that, no details have been made public.

Business impact

This story made global headlines, dealing a severe blow to the company’s reputation, especially since people expect better security practices from a software vendor. The company had to require more than 100 million users to change their passwords, and offered a large portion of its customers a year of free credit monitoring. In addition, the loss of its source code could significantly reduce the company’s long-term competitive advantage.

Case 2

Vengeful hacktivists force a leading online platform to shut down for more than a month

Organization

A very large technology company that sells products all around the world and operates a popular online platform.

Scenario

The online platform, which has millions of users, was attacked by a hacktivist group with a grudge against the company. In multiple attacks spanning months, the hackers managed to steal more than 70 million user names and passwords, as well as credit card information. In the wake of the attack, the company was forced to temporarily shut down its online service, denying access to users for more than a month.

Attackers and motivation

Prior to the attack, the company had made some decisions in a public case that did not sit well with a particular group of clever hackers. This hacktivist group sought revenge by hitting the company with a very impactful attack.

Techniques used

The initial attack vector the hackers used to infiltrate the company’s network is not publicly known. What is known, however, is that the attackers spent a long time in the company’s internal network. During this time they discovered a number of vulnerabilities that could be easily exploited. Most likely they used a SQL injection attack against the online platform’s internet-facing servers to steal data from sensitive databases.
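The SQL injection weakness mentioned above comes down to a single coding defect: user input concatenated into a query string. The following is an added illustration, not code from the briefing or from the company in the case; the user table, the three sample accounts and the card values are constructed for the example, and the lookup is modelled on an in-memory SQLite database. It places the defective lookup beside the parameterized version, shows that a classic tautology input returns every row from the first and nothing from the second, and also shows that the parameterized query handles a legitimate name containing an apostrophe, which breaks the concatenated version.

```python
import re
import sqlite3

# Constructed sample data standing in for a platform's user store
# (not real data from the case; card values are placeholders).
SAMPLE_USERS = [
    ("alice", "alice@example.invalid", "4111-XXXX-XXXX-1111"),
    ("bob", "bob@example.invalid", "5500-XXXX-XXXX-0004"),
    ("o'brien", "obrien@example.invalid", "3400-XXXX-XXXX-0009"),
]


def make_db():
    """Create an in-memory database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, card TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Defective lookup: the input is spliced into the SQL text, so any
    quote characters in it are interpreted as SQL syntax."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened lookup: the driver sends the value separately from the
    statement, so it is compared as data and never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Defence in depth: an allowlist for the username field, applied before the
# query. Parameterization is the real fix; this only narrows the input.
USERNAME_PATTERN = re.compile(r"[A-Za-z0-9_.'-]{1,32}")


def is_valid_username(username):
    return USERNAME_PATTERN.fullmatch(username) is not None


def run_demo():
    """Run both lookups against the same inputs and report the difference."""
    conn = make_db()
    tautology = "' OR '1'='1"  # textbook input that turns the WHERE clause true
    results = {
        "vulnerable_rows": len(lookup_vulnerable(conn, tautology)),
        "parameterized_rows": len(lookup_parameterized(conn, tautology)),
        "parameterized_apostrophe": lookup_parameterized(conn, "o'brien"),
        "allowlist_rejects_tautology": not is_valid_username(tautology),
        "allowlist_accepts_apostrophe": is_valid_username("o'brien"),
    }
    # The concatenated query cannot even serve a legitimate name with a quote.
    try:
        lookup_vulnerable(conn, "o'brien")
        results["vulnerable_apostrophe_error"] = False
    except sqlite3.Error:
        results["vulnerable_apostrophe_error"] = True
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The same pattern applies to any driver that supports placeholders; the point to check in a code review is that no query text is ever assembled with string formatting, concatenation or f-strings from request data.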

Business impact

The company lost personal and credit card information for more than 70 million users. Also, because the attackers were so deeply embedded in the internal network, the company decided to close down the online platform for multiple months, resulting in major financial losses. Customers were later compensated for the downtime, costing the company even more money. What’s more, the breach was reported in the news globally, badly damaging the organization’s reputation.

Case 3
