Security firms knock heads over Shady RAT hacks
Attacks 'advanced' only in the sense they breached 'crappy defenses,' says analyst
Computerworld - U.S. and Russian antivirus vendors took shots at each other as they quarreled over a recent report of a cyber campaign that allegedly infiltrated scores of Western governments, organizations and corporations.
The report, released earlier this month by McAfee, claimed that a half-decade-long hacker operation compromised more than 70 U.S. and foreign government agencies, defense contractors and international organizations to plant malware that in some cases hid on networks for years.
McAfee's report was picked up by numerous news outlets, and even caught the eye of Congress. On Aug. 10, Rep. Mary Bono Mack (R-Calif.), the chairman of the House subcommittee on commerce, manufacturing and trade, sent a letter (download PDF) to McAfee asking for more information on the intrusions.
McAfee dubbed the campaign "Shady RAT" and said it was an example of an "advanced persistent threat," or APT, a term that's been used widely by mainstream security companies, and in news reports, since Google claimed that Chinese hackers had breached its network.
Last Thursday, the CEO of Moscow-based Kaspersky Labs took exception to McAfee's conclusions, especially that the attacks were sophisticated enough to justify the "advanced" part of the APT label.
"We consider those conclusions to be largely unfounded and not a good measure of the real threat level," said Eugene Kaspersky, CEO and co-founder of the company that bears his name.
"We found no novel techniques or patterns used in this malware," Kaspersky continued in an entry titled "Shady RAT: Shoddy RAT" on his personal blog. "What we did find were striking shortcomings that reveal the authors' low level of programming skill and lack of basic web security knowledge."
This wasn't the first time Kaspersky's company criticized its rival. Three weeks ago, Kaspersky and other security firms questioned McAfee's claims.
Kaspersky also claimed that the Shady RAT attacks originated from a long-known botnet, and cited McAfee for "crying wolf."
"But [we] decided not to ring any alarm bells due to its very low proliferation.... It has never been on the list of the most widespread threats," said Kaspersky. "For years now, the industry has adopted the simple and helpful rule of not crying wolf."
That implied accusation got a reaction out of McAfee.
"He's missing the point," countered Phyllis Schneck, McAfee's vice president and CTO for the antivirus company's global public sector group, in a Friday blog post of her own. "It's not the sophistication of the attack that's important, and this is a clear case where technical arguments are preventing some people from seeing the larger, more important picture."
Schneck argued that Shady RAT was newsworthy because of the number of targeted agencies, organizations and companies, as well as the attack's duration and the amount of data allegedly taken. "Quiet, insidious, market-changing threats like these hide in the noise of botnets, 'hacks,' and other high-profile or nuisance events," Schneck said.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!