The report, “an investigation of targeted intrusions into more than 70 global companies, governments, and non-profit organizations during the last five years,” serves as yet another wake-up call for an increased focus on security, and fast (Alperovitch, 2011, pg1). The report lists intrusions into major companies over the past five years conducted through a single command and control server (one group of hackers), including dates of infection and removal (the length of time each intrusion went unnoticed).


The attacks themselves used spear-phishing techniques that are by now standard. Apparently legitimate e-mails with attachments are sent to organization employees, and those attachments contain exploit code that compromises the employee’s system. These exploits are typically zero-day attacks. With a PC now compromised, the hackers can install RAT software on it to allow long-term monitoring, collection of credentials, network probing, and data exfiltration. McAfee says that the total data stolen through these attacks amounted to petabytes. Where it has gone and who has used it remains unknown.

The main problem surfaced by the report is that it calls into question the reliability of major organizations, such as our government, that are unable to secure their own networks. I share a view very similar to that of Dmitri Alperovitch, Vice President and threat researcher of McAfee, concerning the current state of security: “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2,000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.” (Alperovitch, 2011, pg2). The sad reality is it’s not if you’ll be breached, but when.

Dmitri goes on to say, “Lately, with the rash of revelations about attacks on organizations such as RSA, Lockheed Martin, Sony, PBS, and others, I have been asked by surprised reporters and customers whether the rate of intrusions is increasing and if it is a new phenomenon. I find the question ironic because these types of exploitations have occurred relentlessly for at least a half decade, and the majority of the recent disclosures in the last six months have, in fact, been a result of relatively unsophisticated and opportunistic exploitations for the sake of notoriety by loosely organized political hacktivist groups such as Anonymous and Lulzsec.”

When the rogue hacking group Lulzsec was making headlines using very basic and outdated exploits to prove a point, it was only a matter of time before the public really noticed how unsafe the Internet is.

“Yet, the public (and often the industry) understanding of this significant national security threat is largely minimal due to the very limited number of voluntary disclosures by victims of intrusion activity compared to the actual number of compromises that take place. With the goal of raising the level of public awareness today, we are publishing the most comprehensive analysis ever revealed of victim profiles from a five-year targeted operation by one specific actor—“Operation Shady RAT,” as I have named it at McAfee (RAT is a common acronym in the industry that stands for remote access tool).” (Alperovitch, 2011, pg2). This report stands to further inform the public and, hopefully, change the name of the game.

The report is quick to note that the method the attacker(s) chose was not new or even sophisticated, yet they were able to infect 70+ entities over several years. Through unsuspecting users, the hackers were able to gain access and hold onto it through various backdoor Trojans and other remote tools to do whatever it was they intended to accomplish. Aside from being breached in the first place, some of the targets were either unaware for several months that their networks had been compromised or were reinfected on countless occasions.

While the list of those who were targeted is very diverse, forty-nine of the 72 compromised organizations were in the United States (over sixty percent) (Alperovitch, 2011, pg2). The intruders were after data on sensitive U.S. military systems, the McAfee report says, as well as material from satellite communications, electronics, natural gas companies and even bid data from a Florida real estate company. While McAfee has not publicly identified the hackers’ origin, it has been speculated to be either the Chinese government or a rogue group possibly sponsored by the state. The bias in this report comes from only one C&C server’s activities being reported.
