McAfee defends its #shadyrat report, niet way it's shoddy

News by Dan Raywood

McAfee has responded to Eugene Kaspersky's criticism of its Shady RAT report, claiming that he has 'missed the point'.

McAfee has responded to Eugene Kaspersky's criticism of its Shady RAT report, claiming that he has ‘missed the point'.

Writing in a blog post last week, the Kaspersky Lab CEO said that he did not believe that Shady RAT represented a sophisticated attack, that no novel techniques or patterns were used in the malware and in comparison to Stuxnet, he likened it to ‘a lame piece of homebrew code that could have been written by a beginner'.

Phyllis Schneck, vice president and chief technology officer of the global public sector at McAfee, said that Kaspersky was ‘missing the point', as Shady RAT was not about malware, but ‘a massive case of espionage and wealth transfer'.

Schneck said: “This attack was exposed so honest global communities can be aware of the urgency of cross-sector cyber resiliency. The cyber adversaries are agile and fast and disregard the law. They share information with ease and they execute their will upon companies, markets and potentially entire economies.

“We lack the alacrity to defend against this threat without public-private collaboration, which begins with global awareness, the very thing we must promote to protect our way of life.”

She said that Kaspersky's ‘taking issue with providing information to the public' was unfortunate, saying it is not the sophistication of the attack that is important. “This was a clear case where technical arguments are preventing some people from seeing the larger, more important picture,” said Schneck.

McAfee also denied Kaspersky's belief that Shady RAT is a botnet, saying that he had got botnets and advanced persistent threats (APT) confused.

Schneck said: "In this case, the APT should really be called an SPT (successful persistent threat). It was only as advanced as it needed to be. The impressive thing here was the breadth of targets, the length of the attack and the amount of data taken, remembering also that we know only of 72 companies/organisations victimised through one command and control server, out of hundreds or more used by this adversary.”

Writing on his Twitter page, Kaspersky said that despite its explanation, McAfee has still not provided any proof that any party was compromised or that any data was leaked because of Shady RAT.

He insisted that Shady RAT is a botnet, not an APT and said: “Shady RAT is a threat, but no more than the avalanche of other threats we detect on a daily basis.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews