Where did all those advanced persistent threats go? That’s the question FireEye is apparently asking after blaming poor earnings on a decrease in Chinese-US cyberattacks. FireEye’s claim was met with some amusement on Twitter, but is it possible that government policy really has had such a direct impact on cybersecurity?
Cast your mind back to September 2015, when Barack Obama and Chinese President Xi Jinping reached a deal to curtail state-sponsored hacking. At the time, few analysts thought cyberattacks would tangibly decrease, believing Jinping was simply concerned by the threat of US sanctions against those profiting from cybertheft. Flash forward to April 2016, when FireEye claimed that none of the 22 Chinese hacking groups it monitors are actively attacking US companies.
CEO Dave DeWalt believes the Chinese really have changed their tune, commenting:
“The frontal assault the Chinese military had on commercial operations in America was in pretty high gear for a few years here…but the pivot of China policy is causing some differences.”
According to DeWalt, the Chinese are now moving away from hacking in favour of “partnering with foreign firms, or even acquiring them outright” as they embrace cutting-edge industries like artificial intelligence and biotechnology where there’s simply less benefit to stealing from others. In short, the Chinese aren’t catching up any more – they’re ready to overtake.
FireEye gets flamed
Unfortunately, the bold suggestion that the Chinese are cutting back their activities has been met with scorn by the wider security community. Tanium, CrowdStrike and Trend Micro have all rebutted FireEye’s claims, saying they haven’t seen attacks decrease.
As a leader in the security space that’s been instrumental in driving forward new approaches and methodologies – such as linking threat intelligence, breach detection and incident response – it’s a shame to see FireEye feeling the ire of its critics. However, the hot water FireEye now finds itself in also says something about its approach to Threat Intelligence.
FireEye’s threat feeds and research are fundamentally designed for mass consumption. The company doesn’t take localised knowledge of the end-user’s environment into account, settling instead for best-guess, generic assumptions. As our recent whitepaper explained, that means it’s possible to create a great deal of information on threats, but it can’t be linked back to how actual businesses are being affected. Ultimately, that means FireEye is only seeing half the picture.
Given the fact that hackers are constantly refining their approaches to find new ways of avoiding detection, it seems presumptuous to claim the Chinese have drastically shifted policies. When Threat Intelligence dries up, it could be because the attackers have downed tools – or it could be that your detection capabilities aren’t as good as you thought.
The jury’s still out on whether Chinese hacking really has decreased. Yet, FireEye’s claim raises a tantalising possibility. If true, it shows executive action can impact security in a positive way.
Today, cybersecurity remains firmly embedded in the world of people, process and technology; we’ve yet to see government policies really move the needle on the challenge. If that’s proven to have happened here, every security professional should take note and work harder to bring government decision-makers into the conversation. We need to help politicians understand what we do and why, so future policies help, rather than harm, our efforts.
In the long term, this high-level engagement is crucial. We need to liaise with the courts on how cyberweapons should be regulated and controlled. We need to discuss the rights of the police when it comes to harnessing zero-day threats to access data and devices. We need to set the boundaries for offensive security and state-sponsored hacking. It’s up to us, today, to help define the right balance between the needs of government, corporations and individuals tomorrow.
Ultimately, FireEye may be right or wrong about China, but it’s certainly a conversation that raises hugely important issues.
To learn more, watch SensePost’s Charl van der Walt discuss what’s on the horizon for security and the need for cyber professionals to take on the challenge of informing public policy.