What Is Cyber Espionage or Cyber Spying?
A simple cyber espionage definition is the malicious theft of data, information, or intellectual property from and/or through computer systems. Some methods include social engineering, malware distribution, advanced persistent threat (APT), watering hole attacks, and spear phishing, but this list is by no means all-inclusive.
Cyber espionage is constantly evolving in both complexity and hostility. According to one report, in 2018 alone, cyberattacks cost the U.S. government over $13 billion.
Cyber Espionage Examples
The following are a few examples of cyber spying and their intent.
Back at the end of 2009, there were repeated cyberattacks targeting specific information linked to Gmail accounts, mostly those held by Chinese human rights activists. At the beginning of 2010, the vulnerability was identified and given the code name “Aurora.”
In a similar vein, a couple of years later, a group code-named “Scarlet Mimic” began launching attacks to collect information on rights activists for minority groups. More recently, Scarlet Mimic has started to expand its cyber espionage attacks to mobile devices, not just PCs, marking a change in the group's tactics.
Also around 2009, researchers at the University of Toronto exposed a huge cyber espionage operation called “GhostNet.” Their investigation showed that countless computers connected to governmental systems with information pertaining to the Dalai Lama had been compromised and infected with malicious code having monitoring capabilities.
Targets of Cyber Espionage/Cyber Spying
Internal Information of the Company
A common cyber spying target is sensitive information held privately by an agency or organization for internal operational purposes. Some examples are operational data, research and development data, and salaries.
Intellectual Information/Intellectual Property
Cyber espionage can be used to target data related to proprietary formulas, secret projects, internal plans, or any other kind of private information related to projects and development. Really, it includes anything the attacker might be able to sell or profit from.
Information on Client and Customer
Data related to the marketing and services directed at the company’s customers is another kind of information cyber espionage operations target. It might include a list of clients, what services are provided, and at what cost.
Intelligence Concerning Market and Competitors
Another target of a cyber spying attack can be data regarding the marketing goals of an organization, as well as the knowledge it has obtained about its competitors, exposing the business to unfair market conditions.
How To Prevent Cyber Espionage
Check Access to Data Policy
Monitor access to sensitive, critical information. Often, data is easily available and accessible on the network to all users. Reviewing the organization’s policy and determining who needs access to what is the first step in protecting sensitive data.
Support BYOD (Bring Your Own Device)
BYOD is a relatively inexpensive solution, but to avoid the risks that can be incurred, management and maintenance software must be installed. Use a device control mechanism to restrict Universal Serial Bus (USB) devices and encrypt data. This prevents intentional or unintentional data leakage.
Monitor Unexpected Behavior
Configure firewalls and alerts to recognize normal behavior within the organization and to generate alerts for unexpected or abnormal behavior. As an example, most email leaks caused by malware can be prevented with minimal configuration to the firewall.
Protect Critical Infrastructure
One option available is to create multiple networks, one for intellectual property and another for corporate use. Then, only allow users to access the network they need. Additionally, determine what parts of each network must be accessed by each individual, and create policies to provide users with the necessary permissions.
What Is the Difference Between Cyber Espionage and Cyber Warfare?
Espionage is the activity of gathering secret or sensitive information for personal gain, technological purposes, or politics. It is not military action by intent. On the other hand, cyber warfare involves attacking and damaging critical computer systems. The intent is not just to steal information but to destabilize, disrupt, and force change.
Long-term cyber espionage may lead to cyber warfare, but not always. Also, cyber warfare often refers to actions taken by countries against businesses or systems critical to the health or wealth of another country. Cyber espionage, on the other hand, usually involves companies or organizations, but it may also include action taken by nation-states.
How Fortinet Can Help
Since cyber espionage can be both complex and hostile in intent, it pays for an organization to consult professionals and avail itself of comprehensive protection services. Fortinet can provide advanced threat protection and intelligence, allowing an organization to address current cyber threats and the latest trends. This enables them to quickly identify vulnerable entry points, understand threats before they become realities, and know what action needs to be taken.
The Fortinet suite of cyber espionage solutions includes FortiSandbox, the FortiGate next-generation firewall (NGFW), email security, web application security, and endpoint visibility and control. With actionable threat intelligence, real-time advanced threat protection, and native support of threat protection in the cloud, Fortinet provides comprehensive protection from the threat of cyber espionage.
What is cyber espionage or cyber spying?
Cyber espionage or cyber spying involves the malicious theft of data, information, or intellectual property from and/or through computer systems.
What are cyber espionage examples?
Some well-known cyber espionage examples are Aurora, Scarlett Mimic, and GhostNet.
What are the targets of cyber espionage?
The targets of entities that engage in cyber espionage include the internal information of a company, intellectual property, information on clients and customers, and intelligence concerning market and competitors.
How do you prevent cyber espionage?
Check access to data policy, support bring-your-own-device (BYOD) policies, monitor unexpected behavior, and protect the company's critical infrastructure.
What is the difference between cyber espionage and cyber warfare?
Cyber espionage is the activity of gathering secret or sensitive information for personal gain, technological purposes, or politics. It is not military action by intent. On the other hand, cyber warfare is to attack and damage critical computer systems. The intent is not just to steal information but to destabilize, disrupt, and force change.