Shady RAT Raises the Ante on Data Breaches
By Roxana Bradescu on Aug 24, 2011
Recently McAfee published an interesting report about what they called Operation Shady RAT, focusing on a series of “advanced persistent threat” attacks. Although many of these attacks were not so advanced and were more often than not opportunistic rather than persistent, they represent a new phenomenon:
“The key to these intrusions is that the adversary is motivated by a massive hunger for secrets and intellectual property; this is different from the immediate financial gratification that drives much of cybercrime.”
The report says that victims include government agencies in the United States, Taiwan, South Korea, Vietnam, and Canada, the Olympic committees in three countries, and the International Olympic Committee. Rounding out the list of countries where Shady RAT hacked into computer networks: Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India. The vast majority of victims—49—were U.S.-based companies, government agencies, and nonprofits. The category most heavily targeted was defense contractors—13 in all.
What does this mean to organizations? It’s no longer just about credit card and social security numbers or even your reputation any more. It’s about your business. Trade secrets. Customers. Strategic plans. All of it. It’s hard to disagree with McAfee’s conclusion that the Fortune Global 2000 firms now fall into two categories: those that know they’ve been compromised and those that don’t yet know.
I am still amazed by the number of customers I talk to that really are doing nothing to protect the databases that hold their crown jewels. The majority of customers I talk to still don’t have enough auditing to know who’s accessing or tampering with data in their databases or the database infrastructure itself. Even more importantly they don’t have the preventive controls to ensure that this doesn’t happen. More on this as the 2011 IOUG Security Survey results are released.
For now, I urge organizations to really look at what they are doing to protect their databases, think about what the bad guys are doing to attack their databases, and stop going around “eyes wide shut”…