Chinese are moving away from hacking?

FireEye feels the heat over China

Author: Charl van der Walt (Chief Strategy Officer, SensePost)

Where did all those advanced persistent threats go? That’s the question FireEye is apparently asking after blaming poor earnings on a decrease in Chinese-US cyberattacks. FireEye’s claim was met with some amusement on Twitter, but is it possible that government policy really has had such a direct impact on cybersecurity?

State-sponsored decisions

Cast your mind back to September 2015, when Barack Obama and Chinese President Xi Jinping reached a deal to curtail state-sponsored hacking. At the time, few analysts thought cyberattacks would tangibly decrease, believing Jinping was simply concerned by the threat of US sanctions against those profiting from cybertheft. Flash forward to April 2016, when FireEye claimed that none of the 22 Chinese hacking groups it monitors are actively attacking US companies.

CEO Dave DeWalt believes the Chinese really have changed their tune, commenting:

“The frontal assault the Chinese military had on commercial operations in America was in pretty high gear for a few years here…but the pivot of China policy is causing some differences.”

According to DeWalt, the Chinese are now moving away from hacking in favour of “partnering with foreign firms, or even acquiring them outright” as they embrace cutting-edge industries like artificial intelligence and biotechnology where there’s simply less benefit to stealing from others. In short, the Chinese aren’t catching up any more – they’re ready to overtake.

FireEye gets flamed

Unfortunately, the bold suggestion that the Chinese are cutting back their activities has been met with scorn by the wider security community. Tanium, CrowdStrike and Trend Micro have all rebutted FireEye’s claims, saying they haven’t seen attacks decrease.

As a leader in the security space that’s been instrumental in driving forward new approaches and methodologies – such as linking threat intelligence, breach detection and incident response – it’s a shame to see FireEye feeling the ire of its critics. However, the hot water FireEye now finds itself in also says something about its approach to Threat Intelligence.

FireEye’s threat feeds and research are fundamentally designed for mass consumption. The company doesn’t take localised knowledge of the end-user’s environment into account, settling instead for best-guess, generic assumptions. As our recent whitepaper explained, that means it’s possible to create a great deal of information on threats, but it can’t be linked back to how actual businesses are being affected. Ultimately, that means FireEye is only seeing half the picture.

Given the fact that hackers are constantly refining their approaches to find new ways of avoiding detection, it seems presumptuous to claim the Chinese have drastically shifted policies. When Threat Intelligence dries up, it could be because the attackers have downed tools – or it could be that your detection capabilities aren’t as good as you thought...

Continue reading on the SecureData blog.