The latest attack in South Korea is different, though. At a relatively “meager” 35 million compromised accounts it may seem almost trivial by comparison, but in this case the figure of 35 million has a whole different meaning, because it means that basically every user in South Korea who uses the Internet at all is possibly affected.

Authorities are blaming China for the attack against Cyworld–a popular South Korean social networking site. The hackers were able to grab names, phone numbers, email addresses and other sensitive information.

Attackers–apparently using counterfeit SecurID tokens thanks to information compromised in an earlier breach of RSA Security–have attacked the networks of defense contractors, including Lockheed-Martin and L-3 Communications. Now, there are also reports that hackers have gained access to hundreds of Gmail accounts, including personal email accounts of senior US officials.

International espionage is nothing new. Nations–even allies–are constantly trying to access classified information and learn the secrets of rival nations. All that has changed is that the Internet has made it much easier and faster in many cases to get that information–anonymously, and remotely from around the world with much less risk of personal harm on the part of the “spy”.

We don’t know for sure who our Cold War enemy is, or if its a single nation or multiple nations. But, Google reports that the Gmail account hacks originated from China. I wonder how all of this fits in with the Pentagon doctrine that a cyber attack can be considered an act of war worthy of an armed response?

The McAfee report–titled Global Energy Cyber Attacks: “Night Dragon”–states, “Starting in November 2009, coordinated covert and targeted cyber attacks have been conducted against global oil, energy, and petrochemical companies. These attacks have involved social engineering, spear phishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations.”

The implications are ominous. The computer and network security industry operates on a primarily reaction-based model. Attackers create threats, and security vendors discover them and create defenses to guard against them…after the fact. If  the attacks fly under the radar, though–remaining undiscovered–then there is little that most of today’s security solutions can do to detect or evade them.

Attacks such as this–like the “Operation Aurora” attacks against Google and others (also a China-based effort), or the Stuxnet worm ostensibly engineered specifically to compromise the nuclear capabilities of Iran–are much harder to defend against. McAfee explains, “Our experience has shown that many other industries are currently vulnerable and are under continuous and persistent cyber espionage attacks of this type. More and more, these attacks focus not on using and abusing machines within the organizations being compromised, but rather on the theft of specific data and intellectual property.”

Technology has evolved, and cyber attacks have matured. Organizations can’t just rely on the traditional firewall and antivirus software model to protect corporate secrets and other sensitive information, or to guard against subversive coordinated attacks. IT and security admins need to be more proactive about vulnerability and risk assessment of critical assets, and more vigilant about safeguarding sensitive information and preventing it from being leaked or compromised.