Threat Intelligence Blog

Posted July 25, 2013

During the past year we have heard countless reports of U.S.-targeted web attacks coming from China.  Conversely, we don’t often hear about foreign attacks that target China. A July 4 article from CSO Online titled, “China Sees Increase in Trojan and Botnet Attacks from Other Countries,” highlights the reported increase in Trojan, botnet, and mobile malware attacks within China from outside actors.

China’s National Computer Network Emergency Response Team (CNCERT) reported that the number of Trojan and botnet servers increased by almost 60% between 2011 and 2012. CNCERT also reported:

  • A total of 73,000 Trojan and botnet servers hijacked approximately 14.2 million Chinese host machines.
  • The largest number of those servers—13,000—were based in the U.S., followed by South Korea and Germany.
  • Chinese officials assert that the Trojans and botnets were created to steal data or facilitate other hacking attacks.

Mobile malware is also on the rise within China, with a 25% increase in malware identified between 2011 and 2012. Most of the malware—82.5%—was designed for Google’s Android OS, which is the most widely used mobile platform in China.  One particular piece of malware named “Android.Troj.mdk” hid within the user’s apps. Once it infected the victim’s smartphone, hackers could remotely control it. From there, they could install other apps and access sensitive data such as contact lists and videos.

How accurate are these statistics? Although the numbers may be inflated due to recent US-China cyber tensions, it is likely that China is experiencing a major uptick in targeted malware. One plausible reason for this is China’s widespread use of Android OS. Security firms have acknowledged the openness of the Android platform, which is highly amenable to exploitation. Since Android is more popular in China than in any other country, it is possible that Chinese users are simply victims of targeted Android attacks.

It is also important to consider that in China, it is common for vendors to recreate more affordable versions of popular software and mobile devices, and these versions lack adequate security measures. Such devices make easy targets for hackers interested in personal gain. As individuals across the country continue to buy tech goods, these types of attacks proliferate.

Another plausible theory points to the growing hacker culture among individual activist groups. Recently, the large majority of physical actions have also been coupled with cyber action initiatives. Human rights advocates take on sweeping causes that often involve dedicated cyber-attacks. It is possible that these groups are increasingly targeting China in the name of social and political causes.

What does this mean for your business?

1) Increased hacktivism and related activity in China will build China’s internal expertise in hacking and malware development. In general, this increases the risk over time of IP theft and data-targeted attacks.

2) If you have operations in China, it is important to take extra precautions with your company’s information when using Chinese computers and software (this also applies to mobile platforms).

3) Information shared across borders with clients and customers is increasingly at risk.

Not only are corporate assets at risk from widespread internal IP theft and cybercrime, but the increased amount of external malware in the country also makes them vulnerable to actors infiltrating China. Trojan and botnet attacks are pernicious and fast-growing, and it is crucial for your business to be able to detect and mitigate these attacks before they happen.
