McAfee's Operation Shady RAT exposes national cybersecurity lapses

Thursday, August 4, 2011


In conjunction with this week's Black Hat 2011 hacker conference, security vendor McAfee Inc. has released details on what it describes as "the most comprehensive revelation and analysis of previously undisclosed intrusions," which may threaten the national security of the U.S. and other nations.


Today the security vendor unveiled Operation Shady RAT, as McAfee has named it, a five-year research effort that led to the identification of 72 compromised, intruded parties, all relevant to the national security posture of the U.S. or other nations, broken down into 32 unique organization categories in 14 different countries.

The security firm legally gained access to a particular command-and-control server used by the intruders who perpetrated the attacks and collected their logs, revealing the full extent of the victim population and the duration of the breaches since mid-2006, though it's unclear whether the intrusions began earlier.

"I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly)," said Dmitri Alperovitch, vice president of threat research for McAfee Labs. "In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they've been compromised, and those that don't know yet."

According to the report, there's enormous diversity among the victim organizations, including the United Nations, a multinational Fortune 100 company, and a national Olympic team. Alperovitch said the report only analyzed the logs on one particular server and the number of intrusions perpetrated by the attacker organization is well into the thousands.

The report explains the intrusions were rather standard procedure: typically a spear-phishing email containing an exploit is sent to a trusted insider with privileged access at the target organization. When the email is opened on an unpatched system, a download begins and implants malware. That malware then allows a backdoor communication channel to the command-and-control server where live intruders can access the infected machine.
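The backdoor channel described above is the part of this chain a defender can see in their own telemetry: an implant that checks in with its command-and-control server tends to leave a stream of outbound requests from one internal host to one external host at near-constant intervals, quite unlike a person browsing. The following is an added example, not code from the article or from McAfee, that scans constructed proxy log lines (a simplified squid-style format is assumed; the hosts, addresses and timestamps are made up) and flags source/destination pairs whose connection gaps have low jitter. The thresholds `min_hits` and `max_cv` are assumptions to tune per environment.

```python
"""Added example (not from the article or McAfee): flag internal hosts whose
outbound connections to a single destination recur at near-constant intervals,
the pattern a backdoor's command-and-control check-ins tend to leave in logs."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log lines: "<iso-timestamp> <src-ip> <method> <url> <status>".
# Host 10.1.1.42 checks in with update.example.invalid roughly once a minute;
# host 10.1.1.23 browses irregularly. None of this is real traffic.
SAMPLE_LOG = """\
2011-08-03T09:00:00 10.1.1.23 GET http://cdn.example.net/img.png 200
2011-08-03T09:00:07 10.1.1.23 GET http://news.example.com/ 200
2011-08-03T09:00:14 10.1.1.42 POST http://update.example.invalid/check 200
2011-08-03T09:01:14 10.1.1.42 POST http://update.example.invalid/check 200
2011-08-03T09:02:15 10.1.1.42 POST http://update.example.invalid/check 200
2011-08-03T09:03:13 10.1.1.42 POST http://update.example.invalid/check 200
2011-08-03T09:04:14 10.1.1.42 POST http://update.example.invalid/check 200
2011-08-03T09:05:14 10.1.1.42 POST http://update.example.invalid/check 200
2011-08-03T09:00:30 10.1.1.23 GET http://news.example.com/story1 200
2011-08-03T09:03:02 10.1.1.23 GET http://news.example.com/story2 200
2011-08-03T09:09:40 10.1.1.23 GET http://news.example.com/story3 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse_log(text):
    """Return (timestamp, source_ip, destination_host) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, _method, url, _status = m.groups()
        host = url.split("/")[2]  # scheme://host/path -> host
        events.append((datetime.fromisoformat(ts), src, host))
    return events


def find_beacons(events, min_hits=5, max_cv=0.1):
    """Group connections by (src, host); report pairs with at least min_hits
    connections whose inter-arrival gaps have a coefficient of variation
    (stdev / mean) at or below max_cv, i.e. a near-fixed check-in period."""
    by_pair = defaultdict(list)
    for ts, src, host in events:
        by_pair[(src, host)].append(ts)

    findings = {}
    for (src, host), times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue  # burst of identical timestamps, not periodic
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings[(src, host)] = {
                "hits": len(times),
                "mean_gap_s": round(mean, 1),
                "cv": round(cv, 3),
            }
    return findings


if __name__ == "__main__":
    for (src, host), info in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {host}: {info['hits']} hits every ~{info['mean_gap_s']}s (cv={info['cv']})")
```

On the constructed sample this flags only `10.1.1.42 -> update.example.invalid` (six hits, roughly 60 s apart, cv about 0.018); the browsing host never reaches the hit threshold. In practice the coefficient-of-variation test is a first-pass filter, not a verdict: legitimate software updaters and monitoring agents also beacon, so findings need to be joined against an allow-list of known periodic services before anyone treats them as a backdoor.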

According to research by McAfee, which was acquired by Intel Corp. in February, these types of attacks have occurred relentlessly for the past half decade, at least. And the motivation isn't immediate financial gratification like most cybercrime, but rather the hunger for secrets and intellectual property, the report explains.

Much of the information McAfee said has been compromised over the past five years includes closely guarded and classified national secrets, negotiation plans and exploration details for new oil and gas field auctions, SCADA configurations, design schematics and numerous other pieces of sensitive information.

The report explains that even if a fraction of it is used to build better competing products or beat a competitor at a key negotiation, the loss represents a massive economic threat not just to individual companies and industries, but to entire countries. These countries' national security can be completely impacted by the loss of highly classified and important intelligence and defense information.


While the United States may be the most targeted and intruded country by the attackers, it isn't the only one. Others include Canada, South Korea, Taiwan, Japan, Switzerland, the UK, Indonesia, Vietnam, Denmark, Singapore, Hong Kong, Germany and India, and, as McAfee explained, that was just from one server.

However, Graham Cluley, senior technology consultant with security vendor Sophos plc, questioned the relevance of McAfee's findings.

"To be honest, there's nothing particularly surprising in McAfee's report to those of us who have an interest in computer security," Cluley wrote in a blog entry Wednesday. "What the report doesn't make clear is precisely what information was stolen from the targeted organizations, and how many computers at each business were affected."

The report claims a single actor or group conducted these intrusions as one specific operation; Alperovitch sought to clarify he doesn't want to point fingers. There's no hard evidence of who is behind the attacks, he said, so it would only be speculation.

"This could easily escalate from stealing to modifying, and potential exists for more dangerous activity," Alperovitch added.

"This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don't have anything valuable or interesting worth stealing," the report stated.
