McAfee, RSA: the entire Fortune 500 is compromised

Advanced, persistent RATs have outdone enterprise defences.

Every major corporation harbouring valuable information has been compromised, but only some know it, according to executives at McAfee and RSA.

High-grade information-stealing Trojans were already sitting inside the firewalls of almost all Fortune 500 companies, RSA’s head of technology, Uri Rivner, said on Tuesday.

He described the so-called “ZeusiLeaks Effect” as “the pervasive use of high-grade Trojans used by thousands of petty criminals”.

“They are already operating inside the firewalls of almost every Fortune 500 company,” said Rivner.  “External attackers are infecting employee PCs, either deliberately or as a side-effect of financial fraud attacks.”

This was separate from the “advanced persistent threat” of the kind that undermined RSA’s SecurID authentication system earlier this year, though that attack also relied on infecting an employee's desktop through a rigged Excel file.

Both types of attack showed that perimeter security such as anti-malware was failing, according to Rivner.

Companies would need technologies that detect and investigate threats already inside the company, on the assumption that every end device is already infected, he said. Although he did not mention NetWitness, the company RSA recently acquired, it is the part of RSA's product set that will provide such capability, through “full packet capture” network forensics that sit alongside traditional security information and event management (SIEM) tools.

McAfee’s VP of Threat Research Dimitri Alperovitch broadly agreed with Rivner's comments that every major corporation has been compromised.

“I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know,” he said on Wednesday, announcing McAfee's research into one group's activities over a five-year period using a family of remote access tools (RATs).

McAfee's analysis of log files from a command-and-control server, an investigation it dubbed “Operation Shady RAT”, found that, beginning in 2006, a single attacker had gained access to 72 organisations, including government agencies, defence contractors, industrial and technology companies and trade organisations, in South Korea, the US, Canada, Britain, Denmark, Switzerland, Japan, Indonesia, Vietnam, Hong Kong, Germany and India.

Alperovitch claimed the targets and timing of the attacks suggested they were state-sponsored.

“The interest in the information held at the Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC) and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics was particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks,” he said.

The logs revealed that intrusions were few in 2006: only eight were recorded, against a South Korean government agency, an energy research lab and several international trade organisations, including the ASEAN Secretariat.

“That last intrusion began in October, a month prior to the organisation’s annual summit in Singapore, and continued for another 10 months,” noted Alperovitch.

The number of organisations the attackers were observing each year grew from eight in 2006 to 29 in 2007, 36 in 2008 and 38 in 2009, before dropping to nine in 2011, an indication that remediation measures had been put in place.

The intrusions often remained undetected for many months; observed durations ranged from one month to two years. A US satellite communications company, for example, was compromised in February 2009 and remained so for 25 months.
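The per-year victim counts and dwell times quoted above come from working through a command-and-control server's logs. The following script is an added example of that kind of analysis; it is not McAfee's Shady RAT tooling, and the beacon-log format and every sample line in it are constructed for illustration. It derives, per organisation, the first-seen/last-seen window and the observed dwell time, and counts how many organisations were active in each calendar year, treating an organisation whose window spans a year boundary as active in both years.

```python
"""
Added example (not McAfee's Shady RAT tooling): reconstruct intrusion
timelines from command-and-control (C2) server logs, the way an incident
responder would once a C2 host's logs become available.
The log format and every sample line below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed C2 log: "<UTC timestamp> <victim-id> <organisation>", one beacon per line.
SAMPLE_C2_LOG = """\
2006-10-03T08:12:44Z v01 org-a
2007-08-20T09:44:09Z v01 org-a
2009-02-02T12:30:00Z v02 org-b
2011-03-05T13:15:27Z v02 org-b
2008-05-19T14:20:00Z v03 org-c
2008-09-01T16:45:00Z v03 org-c
2008-06-30T00:00:00Z v04 org-d
"""


def parse_c2_log(text):
    """Parse beacon lines into (timestamp, victim_id, org) tuples.

    Malformed lines are skipped rather than aborting the analysis: real C2
    logs are rarely clean, and one bad line should not hide every other victim.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        records.append((ts, parts[1], parts[2]))
    return records


def intrusion_windows(records):
    """First and last beacon per organisation: the observable intrusion window."""
    windows = {}
    for ts, _victim, org in records:
        first, last = windows.get(org, (ts, ts))
        windows[org] = (min(first, ts), max(last, ts))
    return windows


def dwell_days(records):
    """Observed dwell time per organisation in whole days.

    This is a lower bound: the first beacon in the log is not the moment of
    initial compromise, and the log may have been rotated or truncated.
    """
    return {org: (last - first).days
            for org, (first, last) in intrusion_windows(records).items()}


def active_orgs_per_year(records):
    """Number of distinct organisations whose intrusion window overlaps each year."""
    per_year = defaultdict(set)
    for org, (first, last) in intrusion_windows(records).items():
        for year in range(first.year, last.year + 1):
            per_year[year].add(org)
    return {year: len(orgs) for year, orgs in sorted(per_year.items())}


if __name__ == "__main__":
    recs = parse_c2_log(SAMPLE_C2_LOG)
    print("Active organisations per year:", active_orgs_per_year(recs))
    for org, days in sorted(dwell_days(recs).items(), key=lambda kv: -kv[1]):
        print(f"{org}: observed dwell {days} days (~{days / 30.4:.1f} months)")
```

The window-overlap rule is what lets a single long-running intrusion (org-b here, spanning 2009 to 2011) show up in three yearly totals, which is how a count of organisations "being observed each year" differs from a count of new compromises per year; the two questions need different queries against the same log.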


