Two Chinese nationals were indicted for hacking into government and private companies, causing massive security breaches. This highlighted the increased complexities of outsourced technology providers that lead to more vulnerabilities and targets in sensitive systems. The Justice Department said on Thursday that the MSPs or managed service providers run and manage security, cloud storage and also heating-and-cooling systems connected to the internet for governments and companies globally. This allowed Chinese hackers to send custom spearphishing emails to employees of different firms who mistook those emails to be work-related. An email with ‘C17 Antenna problems’ as its subject line contained malware-infected MS-Word document ’12-204 Side Load Testing.doc’ as an attachment. Hackers then used the method of ‘island hopping’ to steal information from companies, said Tom Kellermann of Carbon Black. He added that Chinese hackers possess a lot of knowledge about how various firms are linked, allowing them to breach security through cloud environments. Then they move on to clients by leapfrogging and island hopping and colonizing huge areas of US cyberspace in the process.
The victims of these cyber-attacks included clients of the affected MSPs spread across a dozen nations belonging to spheres like finance and banking, consumer electronics and telecommunications, mining, gas and oil exploration, automotive, biotechnology, health care, consulting, manufacturing, packaging and medical equipment. Analysis showed that about half of the cyber-attacks by Chinese hackers had used the technique of island hopping. Such incidents, like the very recent data breach in Marriott that exposed information about travel of American workers which in turn gave rise to fears of espionage efforts being targeted, have given birth to concerns about safety and security of MSPs and government and private firms, all of which contain information about their employees. Thomas Moore of Signal Hill Technologies said that a hacker, without much thought or scrutiny most of the times, picks a business he wants to access.