New York Times targeted attack shows lack of capability of anti-virus
The advanced persistent threat (APT) suffered by the New York Times demonstrates the need for more than anti-virus.
As reported yesterday by SC Magazine, the New York Times suffered a targeted attack that lasted around four months after Chinese attackers were not happy with an article on outgoing leader Wen Jiabao.
According to a statement from Symantec, whose anti-virus technology was used by the New York Times, "anti-virus software alone is not enough".
Symantec said: “Advanced attacks like the ones the New York Times described in the article underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions.”
Speaking to SC Magazine, Chris Jenkins, director of security at Dimension Data UK, said that he agreed with the statement, as APTs are not designed to be widespread. “Anti-virus needs to be smarter and broader to pick up what gets sent in and flag and alert on what is happening,” he said.
“With an APT, they are sophisticated and harder to track and understand; this is the way things have changed. They are far more targeted.”
David Garfield, managing director of cyber security at BAE Systems Detica, said: “As the New York Times article points out, traditional security technology such as firewalls and anti-virus do not stop these events. They were never designed to counter the type of bespoke targeted attacks by adversaries with a strategic interest in accessing an organisation's networks.
“Organisations shouldn't ask what their security tools are telling them, but ask what they are not telling them; that can only be done by monitoring and analysing their networks for evidence of compromise.”
Rob Cotton, CEO of NCC Group, said: “Although we can't blame this incident purely on the anti-virus software, the ongoing issue is that signature-based anti-virus tackles a problem that was prevalent 20 years ago but is largely irrelevant to today's cyber threats. Security budgets must be spread across a range of mitigation strategies, such as thorough employee education, whitelisting authorised software, data loss prevention and third party security.”
Jenkins added that this and similar stories show a need for better collaboration between vendors, which do not share data. He said: “Users are looking for anomalies of traffic and trying to signal activities, even if it is only happening to one. Users need to share information and while some are working together, this should happen more.
“CISOs share experiences and knowledge, but it would be good if vendors would come together and react as it will not mitigate the problem but it will accelerate the response. I don't know why vendors keep stuff to themselves or feed into their cloud.”