McAfee's revelation that Shady RAT attacks could have hit thousands of targets as part of a massive global cyberattack is spawning speculation across the board. Some are pointing out how investors could benefit from security stocks. Others are focusing on the United States' top possible cyber enemies. But there's nothing particularly surprising in McAfee's report to people who have an interest in computer security.
Graham Cluley, a senior security consultant at Sophos, said security researchers already know companies get targeted by hackers, who install malware to gain remote access to their computers and data. Security researchers also already know that there are motivations for hacking which extend beyond purely financial, such as intellectual-property theft and economic and political interests.
"What the report doesn't make clear is what information was stolen from these organizations, and how many computers at each business were affected," Cluley said. "That would be useful information to learn how seriously we should take this report."
Wrongly Blaming China?
So while many security-research firms are jumping on McAfee's report to introduce their solutions to enterprises concerned about a new wave of cyberattacks, Cluley, for one, is still looking for the new revelation.
"From my reading of the report, it's unclear whether it was able to differentiate between when a junior employee's computer was infected with malware and when a PC belonging to someone in a more senior position was compromised. The seriousness, however, of the two security breaches would be very different," Cluley said.
What's more, he said, the report refuses to name who it believes is responsible for the hack. Although Cluley agrees with McAfee's decision to keep that information confidential, it has led to finger-pointing. Indeed, he noted, the media have leapt to the conclusion, with a nudge and a wink, that it must be China despite the lack of any evidence in the report that it is China.
"I don't think we should be naive. I'm sure China does use the Internet to spy on other countries," Cluley said. "But I'm equally sure that just about every country around the world is using the Internet to spy. Why wouldn't they? It's not very hard, and it's certainly cost-effective compared to other types of espionage."
What's clear to Cluley is that no organizations should let their defenses drop. He stressed that organizations should take security seriously, train staff, and put the right protections in place to reduce the chances of being the next victim.
"McAfee has got itself some great headlines by releasing this report just as the Black Hat security conference begins in Las Vegas," Cluley said. "Funnily enough, they did something very similar at the RSA Conference, where they released their NightDragon report. Maybe we can place bets as to when their next big piece of research will come out, too?"
File Secure Pro:
Posted: 2011-08-16 @ 5:06pm PT
Hackers want intellectual property not for their own use but to sell to competing organizations. I work for File Secure Pro, an intellectual property protection service, and although the scale of this attack is massive, I'm not surprised.
Even the largest, well funded organizations often don't have adequate protection. And once the information has been stolen, there often is no remedy. Once it has happened, you must assume the information is in the hands of your competitor or whoever has the most to gain from its disclosure. It's a shame that it often takes a painful incident before an organization will setup preventative measures to protect IP.
JAbadi - File Security Consultant
Posted: 2011-08-04 @ 3:42pm PT
I think McAfee is just trying to drum up business for its products. This is very vague and talks about affecting multiple organizations which some you have to wonder why any hacker would even want information from.