Putter Panda is coming for the data in your cloud.
Putter Panda is believed to be a hacking group working for Chinese signals intelligence: specifically, the People’s Liberation Army, 3rd Department, 12th Bureau, Unit 61486. The group and the unit were unmasked by security intelligence firm Crowdstrike on Monday.
These days, security experts are near-unanimous that Chinese hackers are coming for your data if they want it. High on their shopping list are American aerospace, military, intelligence and technology secrets, intelligence officials told VentureBeat.
HyTrust is paying attention. The Mountain View, Calif.-based cloud security automation outfit was launched in 2007 and has raised $34 million in venture funding, some of it from In-Q-Tel, the CIA-funded venture firm launched in 1999 to keep the agency and its sister intelligence organizations current on emerging technology.
The U.S. intelligence community, including the CIA, now accounts for one-third of HyTrust’s business. HyTrust has quickly built a reputation for tracking emerging threats to IT infrastructure, and for protecting against them.
As for the severity of the threat posed by Putter Panda, Crowdstrike put it this way:
“Putter Panda is a cyber espionage actor that conducts operations from Shanghai, China, likely on behalf of the Chinese People’s Liberation Army (PLA) 3rd Department 12th Bureau Unit 61486. The PLA’s General Staff Division (GSD) Third Department appears to be China’s primary SIGINT collection and analysis agency. The 12th Bureau, Unit 61486, headquartered in Shanghai’s Chabei District, supports China’s space surveillance network.”
“They are a determined adversary group, conducting intelligence-gathering operations targeting the Government, Defense, Research, and Technology sectors in the United States, with specific targeting of space, aerospace, and communications.”
HyTrust chief executive Eric Chiu is alarmed at the breadth, scope, and persistence of Chinese government-sanctioned hackers and their well-documented obsession with not just American tech secrets but those of the European Union as well.
Indeed, Unit 61486 is headquartered in Shanghai, China, according to Crowdstrike, in a futuristic building surrounded by satellite intercept dishes and high walls. Unit 61486 joins its Chinese brethren in Unit 61398, five of whose members were unmasked and indicted by the U.S. Justice Department in May for stealing sensitive data from U.S. government and commercial systems.
HyTrust’s software has earned the company accolades, and big revenues, as government and the private sector seek to secure their clouds and the data in them.
HyTrust’s solution breaks down into three parts: proactive access controls; role-based monitoring of systems, with a built-in capability to red-flag unauthorized data access; and encryption that protects data on the machine and as it transits from device to cloud, so that a breach yields nothing usable.
“We give clients the ability to make decisions on what you’re allowed, and not allowed, to do,” Chiu said.
Chiu said Chinese hacking will continue its relentless march on the cloud. He offered VentureBeat and its readers five major ways to protect your clouds from the likes of Putter Panda and Unit 61486.
“The need to protect data for the government is almost exactly the same as protecting data for our enterprise and commercial customers,” Chiu said.
“Cloud infrastructure collapses traditional physical systems like compute, networking and storage onto a single software layer which means that highly privileged administrators can copy every VM or destroy the entire virtualized data center in a matter of minutes.”
The Chinese are indeed coming. And here’s what to do.
5 ways to protect your cloud against Chinese cyberattacks
- Don’t rely on old security paradigms like perimeter and endpoint security. The biggest attacks are happening from the inside (Target, eBay and Edward Snowden, to name a few); as in Game of Thrones, a high wall and a moat won’t protect you if the enemy is already inside. Instead, take an “inside-out” model of security and assume the bad guy is already on your network.
- Trust no one. The phrase “I trust my team” doesn’t cut it with distributed computing, cloud providers, and third-party partners that introduce greater points of access into your cloud environment.
- Secure access to critical systems and data. Ensure that you have fine-grained access controls for your cloud infrastructure, including a ‘two-man rule’ for dangerous or destructive operations. If an outside attacker can pose as a cloud administrator, it’s game over: they can access and copy every virtual machine, or destroy the entire data center, in a matter of minutes.
- Implement role-based monitoring so that you know what your administrators are doing and can compare it against what they should be doing. This is critical for identifying potential breaches or data center issues and shrinking the threat window.
- Encrypt your data. Servers are now files (virtual machines) that are highly portable and contain the entire OS, application and data. Encrypt data in the cloud so that if someone gets past the controls in place and steals your virtual machines, the data is useless to them.
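Taken together, the access-control and monitoring items above amount to a policy that can be written down and checked mechanically. The Python below is an added example, not HyTrust’s product or any code from the article: it defines a hypothetical role model and a two-man rule for copy/destroy operations, then replays a constructed audit log (hypothetical administrators, operations and VM identifiers) to flag actions outside an administrator’s role, approvals that don’t satisfy the rule, and one account bulk-exporting VMs, the mass-copy scenario Chiu describes.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Hypothetical role model (assumption, not HyTrust's): operations each role may perform.
ROLE_PERMISSIONS = {
    "vm-operator":   {"vm.power_on", "vm.power_off", "vm.snapshot"},
    "storage-admin": {"datastore.browse", "datastore.mount"},
    "infra-admin":   {"vm.power_on", "vm.power_off", "vm.snapshot",
                      "vm.clone", "vm.export", "vm.delete", "datastore.delete"},
}

# Operations that copy or destroy whole workloads: subject to the two-man rule.
TWO_PERSON_OPS = {"vm.clone", "vm.export", "vm.delete", "datastore.delete"}

# Hypothetical admin directory (assumption); "mallory" plays a hijacked admin account.
ADMIN_ROLES = {
    "alice": "infra-admin", "dave": "infra-admin", "mallory": "infra-admin",
    "bob": "vm-operator", "carol": "storage-admin",
}

# More than this many copy/destroy attempts by one actor in a log window is a mass-copy alarm.
BURST_THRESHOLD = 3


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def evaluate(actor: str, op: str, approver: Optional[str] = None) -> Verdict:
    """Decide whether ACTOR may run OP, enforcing role permissions and the two-man rule."""
    role = ADMIN_ROLES.get(actor)
    if role is None:
        return Verdict(False, f"unknown actor {actor!r}")
    if op not in ROLE_PERMISSIONS[role]:
        return Verdict(False, f"{op} is outside role {role}")
    if op in TWO_PERSON_OPS:
        if not approver:
            return Verdict(False, f"{op} requires a second approver")
        if approver == actor:
            return Verdict(False, "approver must be a different person")
        approver_role = ADMIN_ROLES.get(approver)
        if approver_role is None or op not in ROLE_PERMISSIONS[approver_role]:
            return Verdict(False, f"approver {approver!r} is not entitled to {op}")
    return Verdict(True, "ok")


def parse_line(line: str) -> dict:
    """Parse one 'ts key=value ...' audit line; a value of '-' means the field is absent."""
    ts, *pairs = line.split()
    fields = {"ts": ts}
    for pair in pairs:
        key, _, value = pair.partition("=")
        fields[key] = None if value == "-" else value
    return fields


def replay(audit_log: str) -> list:
    """Re-check every logged action against policy; return alerts for actions that should not
    have happened and for any actor attempting a burst of copy/destroy operations."""
    alerts = []
    destructive_attempts = Counter()
    for raw in audit_log.strip().splitlines():
        ev = parse_line(raw)
        if ev["op"] in TWO_PERSON_OPS:
            destructive_attempts[ev["actor"]] += 1   # count attempts, denied or not
        verdict = evaluate(ev["actor"], ev["op"], ev.get("approver"))
        if not verdict.allowed:
            alerts.append(f"{ev['ts']} DENY {ev['actor']} {ev['op']} {ev['target']}: {verdict.reason}")
    for actor, n in destructive_attempts.items():
        if n > BURST_THRESHOLD:
            alerts.append(f"BURST {actor}: {n} copy/destroy attempts in one window")
    return alerts


# Constructed sample audit log (hypothetical): one operator overreaching, two bad approvals,
# one legitimate two-person delete, and a hijacked admin exporting VMs one after another.
SAMPLE_AUDIT_LOG = """
2014-06-10T02:13:41Z actor=bob op=vm.snapshot target=vm-0102 approver=-
2014-06-10T02:13:44Z actor=bob op=vm.delete target=vm-0102 approver=-
2014-06-10T02:14:02Z actor=alice op=vm.delete target=vm-0333 approver=alice
2014-06-10T02:14:30Z actor=alice op=vm.delete target=vm-0333 approver=carol
2014-06-10T02:15:05Z actor=alice op=vm.delete target=vm-0333 approver=dave
2014-06-10T02:20:01Z actor=mallory op=vm.export target=vm-0001 approver=-
2014-06-10T02:20:03Z actor=mallory op=vm.export target=vm-0002 approver=-
2014-06-10T02:20:05Z actor=mallory op=vm.export target=vm-0003 approver=-
2014-06-10T02:20:07Z actor=mallory op=vm.export target=vm-0004 approver=-
"""

if __name__ == "__main__":
    for alert in replay(SAMPLE_AUDIT_LOG):
        print(alert)
```

Two design points matter in practice: the approver must hold the permission in their own right, or the second signature is theatre; and copy/destroy attempts are counted whether or not they were denied, because a run of refused exports from one account is itself the indicator that the account is no longer in the hands of its owner.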
Bring it on, Putter Panda!