WASHINGTON DC: The discovery of the notorious 'state-sponsored' APT1 cyber attack campaign achieved next to nothing, according to FireEye chief operating officer Kevin Mandia.
Security firm Mandiant issued the report in February 2013 claiming to link a Chinese military unit based in Shanghai to an unprecedented international cyber spying campaign, codenamed APT1. During its peak the group is believed to have breached numerous high-profile US companies.
However, Mandia said that, despite this high-profile revelation, the report has had a negligible impact since it was published.
"We raised awareness when we published the paper. We knew 141 victim companies were being targeted by people in uniform. Fast forward a year [and] nothing's happened. We didn't have the impact we wanted. We wanted to instigate change. But now espionage is primarily out of China and it's still going on."
Mandia, speaking at the MIRcon security conference, attended by V3, added that, while the firm did detect a slight lull in APT1 activity after the paper was published, its impact was affected by the subsequent release of the PRISM files.
"We had a little respite, they stopped hacking and went off the grid for 21 days. Then Snowden leaked documents the same day our two nations' presidents were meant to meet to talk about cyber space," he said.
"When we initially revealed the campaign, China insisted that our findings were 'groundless and baseless'. The timing meant that when the Department of Defence made the same accusation, for China [the allegations are] still 'groundless and baseless'."
The FireEye chief said that the lack of impact around the finding is dangerous as it has led many firms to ignore the increased cyber threat.
"We've noticed a difference in intrusions. There's drive-by shootings every day," he said.
"[For example] the last few attacks we've responded to have shown that the people stealing the cards are getting better. I want to know why. Everyone's getting more knowledgeable about forensics and upping their game. That's a challenge."
Mandia highlighted the recent breaches at US retail giant Target and financial services provider JP Morgan as proof of his claim.
The Target breach occurred in late 2013 and compromised over 40 million customers' credit and debit card accounts. The JP Morgan breach occurred in August and saw hackers compromise data belonging to 76 million households and seven million small to medium-sized businesses.
The Target breach led the firm's then chief information officer (CIO) Beth Jacob to resign in March. Mandia warned that the current threat landscape means that no firm will be able to avoid an infection.
"If your network can be compromised it will be compromised. That's a reality. In 2000, unpatched machines would be compromised in 15 minutes. That's 2000, 14 years ago," he said.
"If you have a breach hopefully we can stop going 'who's to blame?'. Everyone's getting greased. We'll have a lot of competent CIOs looking for work if we do this."
Instead, Mandia said that firms should take the breaches as a wake-up call to rethink their security strategies.
He highlighted advanced threat analytics, information sharing and ubiquitous security tools protecting and scanning the network and endpoints as key steps firms must take to protect themselves.
Scott McVicar, managing director of cyber security at BAE Systems Applied Intelligence, told V3 in September that the advanced nature of many active cyber campaigns means firms must stop relying on perimeter defences and begin sharing attack data.