Speaking at the Reuters Cybersecurity Summit in Washington today, Chandra McMahon, VP for commercial markets at Lockheed's information systems business, detailed how many attacks are being aimed at the defence contractor, and said that these are increasingly coming from organised criminal groups.
The weapons-maker identified 43 distinct organisations that were actively targeting Lockheed's computer networks this year, compared to 28 campaigns in 2010 and 10 in 2007.
McMahon wouldn't be drawn on whether these attacks were state-sponsored, but did highlight instead how the attacks have increased in terms of sophistication. She said that there was a 20 percent rise in cyber campaigns, something she labelled as complex attacks with "specific tactics and procedures", in 2013 alone.
She added that the main purpose of these attacks was to steal data, disrupt networks and even damage equipment. Lockheed provided a range of cyber services for US military and government agencies – as well as companies working in the private sector on critical infrastructure.
Lockheed Martin has seen more malware targeting industrial control systems at utility companies, but no physical damage as of yet.
"While we haven't seen specific action on objectives in terms of damage, what we have seen over the last several years (is) malware created and deployed to damage critical infrastructure," McMahon said.
As a result, the company is seeing increased demand from private sector companies to beef up security, and expects “steep increases” in cyber security investments. That's good news for Lockheed, which expects double-digit growth in its cyber business, which is said to account for 10 percent of revenues in the £4.75 billion (US$ 8 billion) information systems sector.
Adrian Culley, independent security researcher and former Met Police Computer Crime Unit detective, told SCMagazineUK.com that defence companies are common targets, and are being hit with increasingly complex code.
“Defence companies are both part of Critical National Infrastructure, and Critical Defence infrastructure. As such, they are extremely high profile targets for hostile foreign nation state intelligence and military agencies.”
“A blended range of techniques are employed to this end, ranging from social engineering and conventional employee / contractor profiling and targeting, through to the use of highly targeted and bespoke technical attacks, often referred to as ‘advanced threats'.
"These technical attacks themselves employ and exploit a range of techniques, from the identification of previously unknown vulnerabilities to the bespoke writing of code to harness and exploit these.
“This activity will generally fall with the intelligence collection and tasking plan for the relevant state, and will range from theft of intellectual property relating to sensitive technologies through to outright disruption to attempt to prevent the company involved from operating successfully.”
Robert Graham, CEO of Errata Security (who recently broke the news of the 300,000 servers still vulnerable to Heartbleed), said that these figures were further evidence of industrial espionage, as opposed to state-sponsored action.
“China does have programmes where they get as much intellectual property as they can from companies like Lockheed Martin, but "cyber" is only part of it,” he told SCMagazineUK.com.
“It's really more a concerted effort at industrial espionage than cyber-attacks. The press focuses on the cyber angle and does a disservice to the rest of the industrial espionage that's happening.”