On October 5, 2014, FBI Director James Comey discussed cyber espionage with Scott Pelley of CBS 60 Minutes.
At 8:50 Director Comey discusses cyber security.
Scott Pelley: What countries are attacking the United States as we sit here in cyberspace?
James Comey: Well, I don’t want to give you a complete list. But I can tell you the top of the list is the Chinese. As we have demonstrated with the charges we brought earlier this year against five members of the People’s Liberation Army. They are extremely aggressive and widespread in their efforts to break into American systems to steal information that would benefit their industry.
How do the Chinese do it? On September 17, 2014, the Senate Armed Services Committee reported that 100% of Chinese attacks are committed using spearphishing.
One of the challenges for APT attackers is drafting convincing spearphishing bait. Attack materials must not be suspicious — the bait must not raise warnings in the mind of the intended victim. Col. Greg Conti, head of cyber warfare research at West Point, observed in the New York Times:
What’s ‘wrong‘ with these e-mails is very, very subtle. They’ll come in error-free, often using the appropriate jargon or acronyms for a given office or organization.
Taking human thought processes as a given, defenders need effective tools to address deceptive emails. That is where SP Guard steps in. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner. You can contact us using our online form.