The audit firm PwC’s cyber security practice has worked with BAE Systems and others, and the UK’s National Cyber Security Centre (NCSC), to uncover and disrupt what they term a sustained global cyber espionage campaigns.
Since late 2016, when the scale of the espionage campaign became increasingly apparent, PwC and BAE Systems, through their membership of the Cyber Incident Response (CIR) scheme, shared their research with the then fledgling NCSC, which has notified affected communities. The NCSC meanwhile has released advice aimed at Managed Service Providers (such as an outsourced firm managing a corporate network) and their customers. The NCSC believes the risk of direct financial theft from individuals is unlikely.
PwC and BAE Systems believe the hacking group widely known as ‘APT10’ conducted the espionage, by targeting providers of managed outsourced IT services as a way in to their customers’ organisations around the world, gaining access to intellectual property and sensitive data. For example APT10 masqueraded as legitimate Japanese government entities to gain access to Japanese organisations. This indirect approach of reaching many through only a few targets shows a new level of maturity in cyber espionage, the firm says. The sheer scale of the operation was only uncovered through collaboration, and is still only likely to reflect a small portion of APT10’s global operations, the practice warns.
Richard Horne, cyber security partner at PwC, said: “The future of cyber defence lies beyond simple intelligence sharing, but in forging true collaboration between organisations in the public and private sector with the deep technical and innovative skills required to combat this type of threat. This operation has demonstrated the importance of the recently established National Cyber Security Centre, set up for moments just like this. Operating alone, none of us would have joined the dots to uncover this new campaign of indirect attacks. Together we’ve been working to brief the global security community, managed service providers and known end victims to help prevent, detect and respond to these attacks. New forms of attack require new ways of working to defend our society. Close working collaboration is key.”
For more on Operation Cloud Hopper visit the PwC website.
Advice
The NCSC says that it’s unlikely that any MSP is in a significantly better position than any others. The way they respond to the incident, how they help you investigate any potential impact on your systems and data and their willingness to work with you on remediation and future uplifts in the security of their service to you should be part of your determination of your long-term relationship with your provider. MSPs who are unwilling to work closely with customers or unwilling to share information with you should be treated with extreme caution.
