Page:Foreign Economic Espionage in Cyberspace.pdf/15

  =III. Emerging Threats=

A range of other potentially disruptive threats warrant attention. Software supply chain infiltration has already threatened the critical infrastructure sector and could threaten other sectors as well. Meanwhile, new foreign laws and increased risks posed by foreign technology companies due to their ties to host governments may present U.S. companies with previously unforeseen threats.

Cyber threats will continue to evolve with technological advances in the global information environment. The following are emerging areas of concern that are likely to disrupt security procedures and expand the opportunities for collection of sensitive U.S. economic and technology information.  

Software Supply Chain Operations
Last year represented a watershed in the reporting of software supply chain operations. In 2017, seven significant events were reported in the public domain compared to only four between 2014 and 2016. As the number of events grows, so too do the potential impacts. Hackers are clearly targeting software supply chains to achieve a range of potential effects to include cyber espionage, organizational disruption, or demonstrable financial impact:


 * Floxif infected 2.2 million worldwide CCleaner customers with a backdoor. The hackers specifically targeted 18 companies and infected 40 computers to conduct espionage to gain access to Samsung, Sony, Asus, Intel, VMWare, O2, Singtel, Gauselmann, Dyn, Chunghwa and Fujitsu.


 * Hackers corrupted software distributed by the South Korea-based firm Netsarang, which sells enterprise and network management tools. The backdoor enabled downloading of further malware or theft of information from hundreds of companies in energy, financial services, manufacturing, pharmaceuticals, telecommunications, and transportation industries.


 * A tweaked version of M.E. Doc software from the Ukrainian accounting firm was infected with a backdoor to permit the delivery of a destructive payload disguised as ransomware. This attack, which was attributed to Russia, paralyzed networks worldwide, shutting down or affecting operations of banks, companies, transportation, and utilities. The cost of this attack to FedEx and Maersk was approximately $300 million each.

 * A malware operation dubbed Kingslayer targeted system administrator accounts associated with U.S. firms to steal credentials in order to breach the system and replace the legitimate application and updates with a malware version containing an embedded backdoor. Although it is not known which and how many firms were ultimately infected, at least one U.S. defense contractor was targeted and compromised.