The Chinese Are Coming! (For Real!)
Posted on Thu, Dec 22, 2011 @ 01:27 PM
Right on the heels of last week’s fake story about Russian hackers comes a real story about Chinese hackers. As reported in the Wall Street Journal, the US Chamber of Commerce was compromised by a spear-phishing attack that apparently originated in China. The findings suggest that the attack began with one or more employee email accounts, then spread to infect other servers and resources on the network. An indeterminate amount of data was stolen or compromised.
Spear phishing and other email-borne attacks illustrate the dangers of allowing end users to operate on the same local area network as production server systems. In this setting, a malware infection that originates on one laptop or PC can easily spread to mission-critical application servers that run physical security and other building management services. When local security servers share a network with email, one careless mistake by an employee can compromise access control and video systems long before anyone detects the breach. In the case of the US Chamber of Commerce, researchers estimate that the hackers had access to the network for more than a year.
Cloud computing guards against this type of attack by keeping production systems on completely separate networks from end-user computers. Software as a Service (SaaS), for example, is an outsourced solution that needs no computing infrastructure on the user’s local area network. Malware and other infections that occur within a corporate LAN therefore have no easy path to the cloud services provider. True SaaS providers operate isolated production networks at dedicated facilities that contain no personal laptops or PCs for just that reason. Administrative personnel access these systems through secure channels that don’t readily propagate malware.
In the ongoing discussion of the relative cyber security of cloud versus enterprise, we think that this immunity to email-borne malware is a clear win for the cloud computing argument.
- Steve Van Till