A Grim Warning About China's Cyber Attacks
It’s no secret that China is aiming to become the next world leading nation and that the Chinese Communist Party (CCP) is willing to play dirty to achieve their goals. The threat now seems more severe than ever, judging by the unprecedented joint appearance that the US and UK secret services made in London on July 6th, 2022.
At the press conference, FBI director Christopher Wray and MI5 head Ken McCallum urgently warned western institutions and businesses of China’s extensive hacking activity. According to their statements, the goal of these attacks is stealing western technology and destabilizing western politics to benefit the CCP. The MI5 is reportedly running seven times as many investigations relating to the CCP compared to 2018, and they are planning to allocate twice as many resources to China investigations in the next years to match the challenge, which the directors have described as “game-changing”, “immense” and “breathtaking”.
The hacking program the CCP is working with seems to be unparalleled to anything seen so far from other countries, warranting special attention and caution. Concrete examples include an attempt to extract classified information about military aircraft from a British aviation expert, made by the Chinese intelligence agency fronting as a company willing to hire said expert. In this case, the MI5 was able to interfere timely and prevent any information leaks.
This increased espionage activity from China’s side is being interpreted as preparation for invading Taiwan, as both secret services suspect that China is watching the conflict in Ukraine closely and learning valuable lessons on how to minimize the impact of West-imposed sanctions. While it’s unclear how exactly this conclusion was drawn, the fervor with which Wray and McCallum spoke on the topic leaves no doubt as to how critical the situation is.
The Chinese government is trying to shape the world by interfering in our politics (and those of our allies, I should add).
Christopher Wray, FBI Director
Since last year, security experts have been calling attention to China’s destabilizing cyberattacks, urging western leaders to impose sanctions on China for hacking Microsoft Exchange, which compromised more than 100.000 servers worldwide. Consequently, the US, EU and NATO formally accused the Chinese government of being responsible for this attack, however no further sanctions followed. With no legislation change in sight, the responsibility to deal with the surge of attacks seems to lie with the individual institutions and businesses.
What You Can Do to Protect Your Company Data
Same as with other dangers, prevention is key when fighting cyberattacks. Many institutions and businesses are not aware of the value their data has, which leads to haphazard data management. This makes them especially vulnerable to attacks and makes recovery more difficult compared to cases where preventive measures were put in place. Staying vigilant and educating your staff about safe internet practices is one part of the deal, however nothing beats setting up your information infrastructure in a way that makes it inherently secure.
End-to-end encryption is an important means of protection against espionage and hacker attacks. Cloud based information storage reinforced with strong encryption software such as Boxcryptor offers a high level of security, ensuring that your data stays confidential even in the event of a breach.
Let’s say a perpetrator gains access to your cloud, for example via a phishing attack. The data they find would be of no use to them whatsoever since all they could see is a string of gibberish characters and symbols, with no way of deciphering it. This protection can be transferred to other storage media as well: Boxcryptor can also be used to encrypt any data on your NAS and other physical data storage such as a USB stick.