
How did intrusions go on for five years without being noticed?

Dan Raywood, news editor, SC Magazine

The Shady RAT report from McAfee this week found that some sensitive organisations had been under attack for up to five years.

Back in June last year, ArcSight president and CEO Tom Reilly told me that he had met with the CEO of a company that had suffered ‘the largest breach in history’, and said that while his technology could not have stopped the breach, it could have stopped it going on for ‘18 months’.

This led me to think: surely some sort of security information and event management (SIEM) technology would have detected this on the first intrusion and stopped the lengthy invasion? I spoke with Bill Roth, chief marketing officer at LogLogic, who said most people are under-protected and do not consider the reality of the advanced persistent threat (APT), or think that it will affect them.

He said: “There has been a major change in the way that black hat hacking is done; it is now about stealth and taking one's time. The trapdoors are laid slowly over time, with one event a day or a week; it is among white noise.

“Now it is a case of ‘you will get hacked’, as the black hat only has to get it right once while you have to be protected all of the time. A system that is focused on storing large amounts of data needs to detect these things.”

Likewise Ross Brewer, vice president and managing director for international markets at LogRhythm, said: “The way this attack was spotted is a lesson to all organisations about how they should approach IT security in future.

“By collecting and analysing log data it was possible to locate where traffic flow was coming from. In addition, using log data in this way meant data loss and the methods by which it was extracted could be identified.

“Unfortunately many firms are wasting this valuable resource. In order to spot vulnerabilities in real time, it is essential that organisations have automated, centralised systems in place that collect and monitor 100 per cent of log data on an ongoing basis.”
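The ‘one event a day among white noise’ pattern that Roth describes and the centralised log analysis that Brewer recommends can be combined into a simple detector. What follows is an added example, not code from the article, McAfee, LogLogic or LogRhythm: it runs over a constructed, simplified connection log (ISO timestamp, source host, destination host, bytes sent; every hostname and domain in it is made up) and flags source/destination pairs whose connections recur at a suspiciously steady interval. The log format, the thresholds and the names are all assumptions.

```python
"""Low-and-slow beacon detection over centralised connection logs."""
import random
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Assumed (hypothetical) log format, one connection per line:
#   <ISO-8601 timestamp> <source host> <destination host> <bytes sent>


def build_sample_log():
    """Return a constructed sample log (not real data): six days of traffic.

    Every workstation browses a few busy sites at random times during the
    working day. One host, ws-17, additionally makes a single small
    connection to the same rarely seen domain at about 02:15 every night,
    which is the 'one event a day' pattern buried in white noise.
    """
    rng = random.Random(7)           # fixed seed so the sample is reproducible
    start = datetime(2011, 8, 1)
    hosts = ["ws-03", "ws-08", "ws-17", "ws-22"]
    busy = ["www.example.com", "mail.example.net", "cdn.example.org"]
    lines = []
    for day in range(6):
        for host in hosts:
            for _ in range(rng.randint(15, 25)):
                t = start + timedelta(days=day,
                                      seconds=rng.randint(8 * 3600, 18 * 3600))
                lines.append(f"{t.isoformat()} {host} {rng.choice(busy)} "
                             f"{rng.randint(200, 50000)}")
        # the beacon: one small connection per night, jittered by +/- 90 s
        t = start + timedelta(days=day, hours=2, minutes=15,
                              seconds=rng.randint(-90, 90))
        lines.append(f"{t.isoformat()} ws-17 upd.example-cdn.net "
                     f"{rng.randint(300, 600)}")
    lines.sort()
    return "\n".join(lines)


def parse_line(line):
    """Split one log line into (timestamp, src, dst, bytes)."""
    ts, src, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def find_beacons(log_text, min_events=4, max_cv=0.1, min_mean_gap=3600):
    """Return (src, dst) pairs whose connections recur at a steady interval.

    For each pair the gaps between consecutive connections are measured and
    their coefficient of variation (stdev / mean) computed. Ordinary browsing
    produces wildly varying gaps (high CV); a scheduled call-home produces
    nearly identical gaps (CV close to 0). Only pairs seen at least
    `min_events` times with a mean gap of at least `min_mean_gap` seconds
    are considered, so the focus stays on slow, periodic traffic.
    """
    stamps_by_pair = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _ = parse_line(line)
        stamps_by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in stamps_by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        m = mean(gaps)
        cv = pstdev(gaps) / m if m > 0 else float("inf")
        if m >= min_mean_gap and cv <= max_cv:
            findings.append({"src": src, "dst": dst, "events": len(stamps),
                             "mean_gap_hours": round(m / 3600, 2),
                             "cv": round(cv, 4)})
    findings.sort(key=lambda f: f["cv"])
    return findings


if __name__ == "__main__":
    for f in find_beacons(build_sample_log()):
        print(f"{f['src']} -> {f['dst']}: {f['events']} connections, "
              f"every {f['mean_gap_hours']} h (cv={f['cv']})")
```

Regularity, not volume, is the signal here: the beacon moves a few hundred bytes a night and would never trip a threshold on bytes or connection count. In a real deployment the same logic would run over the SIEM's retained logs rather than an in-memory string, and it needs an allowlist for destinations that legitimately poll on a schedule (software updaters, monitoring agents, NTP), since those would otherwise dominate the output.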

Nathan McNeill, co-founder and chief strategy officer at remote working solutions specialist Bomgar, said that the ‘not knowing’ can go on for a very long time, and that an effective security framework has to include means of detecting breaches when they happen, not just preventing them from happening.

He said: “A large enterprise is like an opera house. By necessity, you have an extensive network of secret remote access passageways that allow work to go on behind the scenes without disrupting the show.

“The problem with many enterprises is they've forgotten about half of the passageways and they don't have a way to audit the other half, leaving the door wide open for a phantom (or shady RAT) to take up residence and live comfortably, undetected for years.”

One person also speculated to me that the report could see Senate Bill 21 reinstated: it had been sidelined by the national debt issues and was suspected to be dead, but following this report the US government may see this as something big.

There was some comment on our original story that this was a marketing wheeze to encourage people to invest further in stronger security software, but talking to McAfee made me aware that the number of companies affected was not the story; the duration of the operation was.

Could this roll on to greater levels? Well, if those comments that a crucial piece of US legislation could put cyber security back to the fore do come true, then surely this has been a worthwhile exercise.
