By Claudiu Popa

 The Chinese are apparently after our law firms now. They weren’t content to hack Google and the Pentagon. After those hacking attempts on our federal government’s Finance and Treasury Board (considered to have been two of the most secure) departments, denied any wrongdoing.

Claudiu Popa

 

 And now they’ve set their sights on a notoriously low tech industry. But of course, their government vehemently denies it. The nerve! 

Defined by tradition, plagued by old-world values, the legal space seemed ripe for a sophisticated attack the likes of which we hadn’t seen since, well.. like, noon! Indeed, it was another simple email impersonating a legitimate employee and causing an infected attachment to get executed. Naturally, the remotely controlled malware siphoned out unspecified amounts of data before being detected. 

 

Related story – How to not get phished like the Canadian government 

Everything from oil companies to PR firms is getting the alleged unwanted attention of the Chinese. The persistent advances aren’t recent either. The FBI addressed the legal industry a couple of years ago with the stern warning to ‘train employees’ and ‘be careful what emails you open’.  Apparently they weren’t listening because someone went and clicked and here we are! 

The most basic Google search will now come back with one of “China denies role in hack” or “Sophisticated attack originated in China”. These advanced phishing and social engineering attacks naturally couldn’t have been avoided due to their sheer complexity. However that hasn’t stopped the alleged victims and their representatives from accusing and suing China to the tune of 2.2B. That’ll learn’em! 

What we do know is that a very high percentage of Asian computers are hopelessly infected with malware, in part due to the mountains of unauthorized software they insist on using. So if that’s the case, could we be looking at individual zombie systems  located practically anywhere, banding together to take advantage of basic gaps in employee security awareness, right across the continent? Let’s not forget: they’re denying it! So they must be guilty! The nerve!

About the author:
Claudiu Popa, is the CEO of Toronto’s Informatica Corporation (www.InformaticaSecurity.com).Follow him at http://Twitter.ClaudiuPopa.com
Share on LinkedIn Share with Google+