New York Times targeted attack shows lack of capability of anti-virus

The advanced persistent threat (APT) suffered by the New York Times demonstrates the need for more than anti-virus.

As reported yesterday by SC Magazine, the New York Times suffered a targeted attack lasting around four months, after Chinese attackers were unhappy with an article on outgoing leader Wen Jiabao.

According to a statement from Symantec, whose anti-virus technology was used by the New York Times, "anti-virus software alone is not enough".

Symantec said: “Advanced attacks like the ones the New York Times described in the article underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions.”

Speaking to SC Magazine, Chris Jenkins, director of security at Dimension Data UK, said that he agreed with the statement, as APTs are not designed to be widespread. “Anti-virus needs to be smarter and broader to pick up what gets sent in and flag and alert on what is happening,” he said.

“With an APT, they are sophisticated and harder to track and understand, this is the way things have changed. They are far more targeted.”

David Garfield, managing director of cyber security at BAE Systems Detica, said: “As the New York Times article points out, traditional security technology such as firewalls and anti-virus do not stop these events. They were never designed to counter the type of bespoke targeted attacks by adversaries with a strategic interest in accessing an organisation's networks.

“Organisations shouldn't ask what their security tools are telling them, but ask what they are not telling them; that can only be done by monitoring and analysing their networks for evidence of compromise.”

Rob Cotton, CEO of NCC Group, said: “Although we can't blame this incident purely on the anti-virus software, the on-going issue is that signature-based anti-virus tackles a problem that was prevalent 20 years ago but is largely irrelevant to today's cyber threats. Security budgets must be spread across a range of mitigation strategies, such as thorough employee education, whitelisting authorised software, data loss prevention and third party security.”

Jenkins said that this and similar stories show a need for better collaboration between vendors, as they do not share data. Jenkins said: “Users are looking for anomalies of traffic and trying to signal activities, even if it is only happening to one. Users need to share information and while some are working together, this should happen more.

“CISOs share experiences and knowledge, but it would be good if vendors would come together and react as it will not mitigate the problem but it will accelerate the response. I don't know why vendors keep stuff to themselves or feed into their cloud.”
