Little Miss Muffet
Sat on a tuffet,
Eating her curds and whey…
Cheese curds are one of the great delicacies known to humankind. The salty little cheese bits are the quintessential Wisconsin snack. Being from Wisconsin, I have an abiding fondness for cheese curds, an affection I apparently share with Gene Cate, who together with his wife Lori and sons own and operate Cate Welding in Belleville, Wisconsin, a little village nestled just outside the great metropolis of Madison. Another thing I have in common with Mr. Cate is that until recently, neither of us suspected that an old computer server used in Cate’s case to operate the family business, could be infiltrated by Chinese hackers and deployed to attack targets around the world.
Mr. Cate learned from a Silicon Valley-based threat intelligence provider that his server had been weaponized. I learned about it by reading this article in the New York Times: “The Chinese Hackers in the Back Office.” The article reveals how Area 1, a company run by former NSA analysts, came to Belleville to inform the Cates’ that their server had been taken over by a group of Chinese hackers known as the Codoso Group. Area 1 identifies and tracks digital attacks against businesses.
The Cate’s agreed to help Area 1 thwart the Chinese. Area 1 added their server to a network of compromised servers being monitored to gain insights into how Codoso Group operates that could be shared with Area 1’s clients. Over time the Cate’s learned “The Codoso group had used their server to pilfer a law firm’s due diligence on an impending acquisition, a financial services firm’s confidential trading plans, a mobile payment start-up’s proprietary source code, some blueprints and loan applications at a mortgage company.”
What’s interesting about this story is what it tells us about Cyber Threat Intelligence (CTI), an emerging industry in acquiring and selling intelligence about attack groups. Many cyber attacks use similar methods and approaches, with attackers adapting their products in an effort to keep ahead of the antimalware industry and security professionals. It follows that there is an increasing likelihood that some organization or group has encountered the attack before. Cyber Threat Intelligence offers the ability to recognize and act upon known indicators of an attack so that the attacks can be thwarted before they are successful.
Cyber Threat Intelligence is rapidly being adopted in both business and government. Market research company Gartner forecasts the market for threat intelligence will reach $1 billion next year, up from $255 million in 2013. That will buy a lot of cheese curds.
By Tom Davis, SDI Cyber Risk Practice
June 21, 2016