
Thursday, February 21, 2013

Mandiant report on APT1 & China’s cyber espionage units


Early this month news spread of a sophisticated cyber espionage campaign against major US media organizations, including The New York Times and The Washington Post: the attackers tried to compromise journalists' email accounts to steal sensitive information. The campaign was very aggressive; the attackers tried to infiltrate the newspaper's network using 45 instances of targeted malware, as revealed by the forensic analysis conducted by the security firm Mandiant.

Mandiant experts observed that the attackers began work, for the most part, at 8 a.m. Beijing time and operated through a standard work day; the group also periodically stopped its attacks for a couple of weeks at a time.

[Figure: APT1 activity]

The New York Times reported:
“The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.”




[Figure: APT1 timeline]


A few weeks later the Mandiant Intelligence Center released a shocking report revealing an enterprise-scale computer espionage campaign it calls APT1. APT1 is one of the numerous cyber espionage groups Mandiant tracks, and one of the most prolific thieves of information anywhere in the world.


The evidence collected by Mandiant links APT1 to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Unit Cover Designator 61398). What is really striking is that the operations date back to 2006 and have hit at least 141 victims across multiple industries.


Following is the information the report provides on the now famous Unit 61398:

The nature of “Unit 61398’s” work is considered by China to be a state secret; however, we believe it engages in harmful “Computer Network Operations.”
Unit 61398 is partially situated on Datong Road (大同路) in Gaoqiaozhen (高桥镇), which is located in the Pudong New Area (浦东新区) of Shanghai (上海). The central building in this compound is a 130,663 square foot facility that is 12 stories high and was built in early 2007.
We estimate that Unit 61398 is staffed by hundreds, and perhaps thousands of people based on the size of Unit 61398’s physical infrastructure.
China Telecom provided special fiber optic communications infrastructure for the unit in the name of national defense.
Unit 61398 requires its personnel to be trained in computer security and computer network operations and also requires its personnel to be proficient in the English language.
Mandiant has traced APT1’s activity to four large networks in Shanghai, two of which serve the Pudong New Area where Unit 61398 is based.
The report also documents the APT1 malware families and APT1’s modus operandi (tools, tactics and procedures), including a compilation of videos showing actual APT1 activity.

Mandiant has also identified more than 3,000 indicators to improve defenses against APT1 operations and is releasing a separate appendix containing them, including APT1 indicators such as domain names, IP addresses, and MD5 hashes of malware.

APT1 has systematically stolen hundreds of terabytes of data from victim organizations and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.

[Figure: compromised industries]

APT1 is a persistent collector: once it has established access, it periodically returns to the victim’s network to steal sensitive information and intellectual property over a long period, maintaining access to victim networks for an average of 356 days.

The longest time period APT1 maintained access to a victim’s network was 1,764 days, or four years and ten months.

The same appendix also provides:

Thirteen (13) X.509 encryption certificates used by APT1.
A set of APT1 Indicators of Compromise (IOCs) and detailed descriptions of over 40 malware families in APT1’s arsenal of digital weapons.
IOCs that can be used in conjunction with Redline™, Mandiant’s free host-based investigative tool, or with Mandiant Intelligent Response® (MIR), Mandiant’s commercial enterprise investigative tool.
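The appendix-style indicators described above (domains, IP addresses, MD5 hashes) are only useful once something consumes them. The following is an added example, not code from Mandiant, Redline or MIR: a small matcher that loads a hypothetical `type,value` feed, hashes files, and sweeps proxy-style log lines, matching parent domains as well as exact hosts. Every indicator, file and log line in it is constructed for the demo and is not a real APT1 artifact; the log layout (`timestamp src_ip host dst_ip bytes`) is likewise an assumption.

```python
"""
IOC matcher of the kind a defender would build around an indicator feed
such as the one described above (domain names, IP addresses, MD5 hashes).
Added example, not Mandiant's Redline or MIR; every indicator, file and
log line below is constructed for the demo and is not a real APT1 artifact.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set, Tuple


@dataclass
class IocSet:
    domains: Set[str] = field(default_factory=set)
    ips: Set[str] = field(default_factory=set)
    md5s: Set[str] = field(default_factory=set)


def load_iocs(feed: str) -> IocSet:
    """Parse a 'type,value' feed (hypothetical format); values are lower-cased."""
    iocs = IocSet()
    for raw in feed.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, value = (p.strip().lower() for p in line.split(",", 1))
        if kind == "domain":
            iocs.domains.add(value.rstrip("."))
        elif kind == "ip":
            iocs.ips.add(value)
        elif kind == "md5":
            if not re.fullmatch(r"[0-9a-f]{32}", value):
                raise ValueError(f"malformed md5 indicator: {value}")
            iocs.md5s.add(value)
        else:
            raise ValueError(f"unknown indicator type: {kind}")
    return iocs


def domain_matches(host: str, iocs: IocSet) -> bool:
    """True if the host or any parent domain is an indicator, so that a
    C2 listed as c2.example.net also catches mail.c2.example.net."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in iocs.domains for i in range(len(labels)))


# Constructed proxy-log layout: timestamp src_ip host dst_ip bytes
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<host>\S+) (?P<dst>\S+) (?P<bytes>\d+)$")


def scan_proxy_log(lines: Iterable[str], iocs: IocSet) -> List[Tuple[str, str, str]]:
    """Return (timestamp, indicator type, value) for every line that hits an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the sweep
        if domain_matches(m["host"], iocs):
            hits.append((m["ts"], "domain", m["host"]))
        if m["dst"] in iocs.ips:
            hits.append((m["ts"], "ip", m["dst"]))
    return hits


def scan_files(files: Dict[str, bytes], iocs: IocSet) -> List[Tuple[str, str]]:
    """Return (name, md5) for every file whose MD5 is in the indicator set."""
    out = []
    for name, data in files.items():
        digest = hashlib.md5(data).hexdigest()
        if digest in iocs.md5s:
            out.append((name, digest))
    return out


# --- constructed sample data -------------------------------------------------
SAMPLE_DROPPER = b"MZ constructed sample for the demo, not real malware"
BENIGN_FILE = b"quarterly report, constructed benign content"
SAMPLE_FILES = {"dropper.exe": SAMPLE_DROPPER, "report.txt": BENIGN_FILE}

# In practice the hash comes from the published appendix; here it is computed
# from the constructed sample so the demo is self-contained.
SAMPLE_FEED = f"""# type,value
domain,c2.example.net
ip,198.51.100.23
md5,{hashlib.md5(SAMPLE_DROPPER).hexdigest()}
"""

SAMPLE_LOG = [
    "2013-02-12T01:03:44Z 10.0.0.15 mail.c2.example.net 198.51.100.23 5120",
    "2013-02-12T01:04:10Z 10.0.0.15 www.example.org 203.0.113.9 804",
    "2013-02-12T02:17:02Z 10.0.0.22 portal.corp.local 10.0.0.5 2048",
]


def demo() -> Tuple[List[Tuple[str, str, str]], List[Tuple[str, str]]]:
    """Run both sweeps over the constructed data; returns (log hits, file hits)."""
    iocs = load_iocs(SAMPLE_FEED)
    return scan_proxy_log(SAMPLE_LOG, iocs), scan_files(SAMPLE_FILES, iocs)


if __name__ == "__main__":
    log_hits, file_hits = demo()
    for hit in log_hits:
        print("log hit:", hit)
    for hit in file_hits:
        print("file hit:", hit)
```

Two design points matter in practice: parent-domain matching, because an indicator feed usually lists the apex of the attacker's infrastructure while logs show hostnames under it, and a parser that rejects malformed indicators up front rather than silently matching nothing. MD5 is used here only because that is the hash the appendix publishes; it is fine for lookup but not for anything that must resist collisions.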
Mandiant’s management decided to make an exception to its traditional non-disclosure policy because of the risks posed by this massive cyber espionage campaign and its impact on the global economy; many states and industries are victims of the offensive.

The firm’s statement is worth quoting:

“It is time to acknowledge the threat is originating from China, and we wanted to do our part to arm and prepare security professionals to combat the threat effectively.  The issue of attribution has always been a missing link in the public’s understanding of the landscape of APT cyber espionage.  Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.  We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches.”

The cyber war has started a long time ago!

source: http://securityaffairs.co

Saturday, February 16, 2013

Botnets for sale


The Internet is becoming a gold mine for criminals, who can easily obtain any kind of resource needed to arrange a cyber attack, a cyber espionage campaign or a complex banking fraud.

What is really scary is the simplicity with which it is possible to acquire any kind of criminal service in the underground, and the creativity of cyber criminals in offering sale models that are as efficient as they are cheap. In past posts I presented information on sales in the underground market, especially the Russian one, which is considered the most active.

In the last month various malicious campaigns have been launched by cyber criminals with the specific intent of infecting the largest possible number of machines to build dangerous botnets. The availability of a large number of infected machines translates into valuable resources and services that cybercrime can market for considerable profit.

Cyber criminals are offering malware-infected hosts, also known as “loads”, in a sale model that monetizes the bots by renting out the compromised systems.

Of course the services offered are fully customizable: clients can choose the type of malware that infects the victims and their geographic location, so it is possible to rent US-based malware-infected hosts or machines in the European Union.

Security expert Dancho Danchev, in a post on the Webroot threat blog, revealed a newly launched underground service offering access to thousands of malware-infected machines at disturbingly low prices: a thousand US-based hosts cost $200, a thousand EU-based hosts between $60 and $120, and a thousand hosts of an international mix $20.



The different prices are calculated on the basis of the purchasing power and long-term value of a malware-infected host; US users are considered by cybercriminal organizations the wealthiest, and this pricing policy is widespread: in many cases malicious services aimed at US users are sold at higher prices. Probably there are also other considerations behind the cost evaluation, such as the specific demand in certain areas and the cost of keeping a botnet alive in countries where cyber security is more responsive.

A couple of years ago Dancho Danchev conducted an interesting study on botnet renting:

“The logical shift from static pricing lists, to the embracing of multiple pricing schemes such as price discrimination (differentiated pricing), or penetration pricing, naturally resulted in different prices for different targeted groups.”

What are the principal uses of thousands of infected hosts?

Typically criminals are interested in arranging cyber fraud, and such a large number of machines can be used to launch the related malicious and fraudulent campaigns; in other cases they look for newly infected machines with a clean IP reputation, since IP reputation is an essential component of a botnet’s effectiveness.

The post highlights the use of “partitioned” access to a botnet to further disseminate malware variants; in many cases security experts discover interconnections between different malware families spread by the same group of compromised machines, a circumstance that suggests promiscuous use of the machines.

The sale model appears ideal for those criminals who want to spread malware without being bothered with botnet management and host recruiting; for this reason cyber criminals opt to rent an exploit service.

Damballa Labs recently investigated a criminal infrastructure used by a person or group running a Critx exploit kit rental service.



The exploit kit is rented or leased on its own criminal infrastructure, for which the cyber criminals have already built up the malicious services, adopting all the necessary precautions, such as multiple IP addresses and redundancy, to survive botnet takedowns.

A few months ago security researchers from Symantec discovered malware-infected computers being rented out as proxy servers on the black market. Using malware, cyber criminals turned infected computers into SOCKS proxy servers, access to which was then sold; the compromised hosts powered a commercial proxy service that tunnels potentially malicious traffic through them.

The examples provided demonstrate how prolific the sale model known as “malware as a service” is, a monetization scheme that we will encounter more and more often in the months to come.

source: http://securityaffairs.co

Facebook hacked by 0day




In recent months we have seen numerous high-profile attacks against intelligence agencies, government offices, media and social networking platforms. Twitter was the most recent victim, but security experts’ attention was focused on Facebook, the biggest social network with more than 1 billion members and a mine of information on the widest audience of users. Facebook is a single application that manages an impressive amount of data, and so it represents a privileged target for attackers.

Facebook revealed on Friday that it had been hit in January by an unidentified group of hackers; fortunately no user information was compromised during the attack.

What is really interesting is the level of sophistication of the malware-based attack that eluded the security defenses: the attackers compromised a developer website and infected employees’ machines when they visited it.

The infected laptops were fully patched and running up-to-date anti-virus software, which suggests the attackers exploited a zero-day vulnerability through an exploit hosted on the web site.

The official statement reports:

“Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure. As such, we invest heavily in preventing, detecting, and responding to threats that target our infrastructure, and we never stop working to protect the people who use our service. The vast majority of the time, we are successful in preventing harm before it happens, and our security team works to quickly and effectively investigate and stop abuse.

Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.”

Facebook’s advisory confirmed that the company’s security teams are very active in the fight against cyber threats, thanks to close collaboration with law enforcement and the security teams of other companies. The attack seems to have exploited a zero-day Java vulnerability well before the official announcement by Oracle.

“After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”

The investigation is still ongoing, as confirmed by Facebook:

“We will continue to work with law enforcement and the other organizations and entities affected by this attack. It is in everyone’s interests for our industry to work together to prevent attacks such as these in the future.”

Friday, February 8, 2013

Microsoft and Symantec = not fucking around



Microsoft teamed up with Symantec to take down a nasty piece of malware affecting thousands upon thousands of PCs. The Bamital botnet hijacked people’s search results and redirected victims to potentially dangerous sites that could expose them to other online threats and steal their personal information.

On Wednesday, experts from the two organizations obtained a court order and shut down servers at a data center in New Jersey, and convinced operators in Virginia to shut down a server they control in the Netherlands.

The Bamital botnet threatened the US$12.7 billion online advertising industry by generating fraudulent clicks on Internet ads. Microsoft’s research shows that Bamital hijacked more than 8 million computers over the past two years. Microsoft says the botnet affected many major search engines and browsers, including Bing, Yahoo and Google offerings.

Bamital's operators also had the ability to take control of infected PCs, installing other types of malware that could engage in identity theft, recruit PCs into networks that attack websites, and conduct other types of computer crime.

Now that the servers have been shut down, users of infected PCs are directed to a site informing them that their machines are infected with malicious software when they attempt to search the web.

It was the sixth time that Microsoft has obtained a court order to disrupt a botnet since 2010. Botnets are an increasing problem for security firms and computer users alike.

The complaint identified 18 "John Doe" ringleaders, scattered from Russia and Romania to Britain, the United States and Australia, who registered websites and rented servers used in the operation under fictitious names.

Chinese malware campaign 'Beebus' targets US defense industries





A Chinese malware campaign called 'Beebus', specifically targeting the aerospace and defense industries, has been uncovered by FireEye security researchers. Beebus is designed to steal information and begins its infiltration, as so many attacks do, with spear-phishing emails.

Operation Beebus is closely related to Operation Shady RAT and was first detected in April 2011. The attacks are carried out through spear phishing and drive-by downloads as the means of infecting end users: malicious whitepapers or PDFs were mailed to targets and, by exploiting known flaws, the malware was able to install Trojan backdoors on vulnerable systems. The malware communicates with a remote command and control (CnC) server.

FireEye discovered the attacks on some of its customers in the aerospace and defence sector last March. The attackers used the Windows weakness known as DLL search order hijacking: a DLL called ntshrui.dll is dropped into the C:\Windows directory, where a process whose executable lives in that directory finds it before the legitimate copy in C:\Windows\System32.

The malware has modules to capture system information (processor, disk, memory, OS, process ID, process start time and current user) and another module to download and execute additional payloads and updates.
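The reason the ntshrui.dll drop works is the loader's fixed search order: the application's own directory is consulted before System32, so a copy planted next to the loading executable wins. The block below is an added example, not FireEye's tooling or the Beebus malware itself: it models the default Windows search order (SafeDllSearchMode enabled) over a constructed file listing, and reports any DLL with a known legitimate location that would resolve elsewhere. The listing, the loader list and the `ntshrui.dll`/`kernel32.dll` expectations are constructed for the demo; the model runs anywhere because it never touches the real filesystem.

```python
"""
Model of the Windows DLL search order (SafeDllSearchMode enabled, the default
since XP SP2) used to spot search-order hijacks such as the ntshrui.dll drop
described above. Added example, not FireEye's tooling; it works on a
constructed file listing, not the real filesystem, so it runs anywhere.
"""
from typing import Dict, Iterable, List, Optional, Sequence, Tuple

SYSTEM32 = r"C:\Windows\System32"
SYSTEM16 = r"C:\Windows\System"
WINDIR = r"C:\Windows"


def _norm(path: str) -> str:
    """Case-fold and strip a trailing separator so comparisons are stable."""
    return path.replace("/", "\\").rstrip("\\").lower()


def search_order(app_dir: str, cwd: str, path_dirs: Sequence[str]) -> List[str]:
    """Directories a process consults, in order, for a DLL that is neither a
    KnownDLL nor already loaded: application dir, System32, 16-bit System,
    Windows dir, current dir, then each PATH entry."""
    return [app_dir, SYSTEM32, SYSTEM16, WINDIR, cwd, *path_dirs]


def resolve_dll(dll: str, app_dir: str, cwd: str, path_dirs: Sequence[str],
                files: Iterable[str]) -> Optional[str]:
    """Path the loader would pick for `dll`, or None if no copy exists."""
    present = {_norm(f) for f in files}
    for directory in search_order(app_dir, cwd, path_dirs):
        candidate = _norm(directory) + "\\" + dll.lower()
        if candidate in present:
            return candidate
    return None


def find_hijacks(loaders: Sequence[Tuple[str, str]], expected: Dict[str, str],
                 files: Iterable[str], path_dirs: Sequence[str] = ()) -> List[Tuple[str, str, str]]:
    """For each (exe, cwd) and each DLL with a known legitimate directory, report
    (exe, dll, resolved path) whenever resolution lands somewhere else."""
    findings = []
    for exe, cwd in loaders:
        app_dir = exe.rsplit("\\", 1)[0]
        for dll, legit_dir in expected.items():
            hit = resolve_dll(dll, app_dir, cwd, path_dirs, files)
            if hit is not None and hit != _norm(legit_dir) + "\\" + dll.lower():
                findings.append((exe, dll, hit))
    return findings


# Constructed listing: explorer.exe lives in C:\Windows, so a rogue ntshrui.dll
# dropped beside it wins over the legitimate copy in System32.
SAMPLE_FILES = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\ntshrui.dll",            # the dropped DLL (Beebus-style)
    r"C:\Windows\System32\ntshrui.dll",   # legitimate copy
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Program Files\Viewer\viewer.exe",
]
EXPECTED_DIRS = {"ntshrui.dll": SYSTEM32, "kernel32.dll": SYSTEM32}
SAMPLE_LOADERS = [
    (r"C:\Windows\explorer.exe", r"C:\Users\alice"),
    (r"C:\Program Files\Viewer\viewer.exe", r"C:\Users\alice"),
]


if __name__ == "__main__":
    for exe, dll, where in find_hijacks(SAMPLE_LOADERS, EXPECTED_DIRS, SAMPLE_FILES):
        print(f"{exe} would load {dll} from {where}")
```

On a real host you would feed the model a directory listing and the loaders you care about; the same check catches a DLL planted in the current directory or on PATH, not only in the application directory. Two caveats: DLLs on the KnownDLLs list (kernel32.dll among them) are resolved from the known-DLL section and never go through this search, so they cannot be hijacked this way even though the model will happily reason about them; and a legitimate copy beside the executable is a finding only if the vendor did not ship it there, which is why the expected-location map is the input that needs the most care.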

The original PDF was modified using the Ghostscript tool to produce the weaponized PDF. Researchers believe Beebus is a Chinese campaign because of its similarities to Operation Shady RAT.

The Beebus attackers also used TTPs (tools, techniques and procedures) identical to those of the RSA hack. Researchers believe that the group called "Comment Group" or "Comment Team", associated with the Chinese government, is behind the Operation Beebus campaign.

source: www.americannewsblog.com

Computer hacker accused of funding terrorists





A hacker, Cahya Fitrianta, has been sentenced to eight years in prison by West Jakarta District Court judges for hacking into many commercial websites to steal money and channeling that money to terrorist groups.

He was also ordered to pay a Rp 500 million ($51,000) fine. He was charged with breaking into many sites, running online fraud worth billions of dollars and channeling that money to terrorist training in Poso, Central Sulawesi.

Cahya was arrested in May last year in a Bandung hotel together with another man, Rizki Gunawan. Police arrested Rizki in May, accusing him of hacking a marketing firm’s website to steal money in order to fund militant training.

Both are accused of channeling money to terrorism suspect Umar Patek, who was sentenced this year to 20 years for his role in the 2002 Bali bombing.

“Aside from engaging in a vicious conspiracy, the defendant was also found guilty of laundering money, which he obtained from hacking the www.speedline.com website and used the proceeds to fund military training in Poso”

Meanwhile, the prosecutor decided to appeal, because the sentence is lighter than the 12 years the prosecution had demanded.

source www.americannewsblog.com

Friday, February 1, 2013

How the US is Preparing for Cyber Defense



Every government conscious of the strategic importance of cyber security, and of other countries’ investments in cyber warfare capability, is stepping up its efforts. Last week I wrote about the Russian government and Putin’s request to reinforce the garrison of the fifth domain, cyberspace, through a series of investments to secure national critical infrastructure from cyber attacks; in previous months we spoke of Iran, China and North Korea. All these governments are moving the battlefield into the digital world.

The US and Israel are considered the most advanced countries in the cyber warfare context; according to the international specialized press they were involved in the creation of the first worldwide recognized cyber weapon, Stuxnet, and of many related spy toolkits such as Flame.

According to US officials the government “is constantly looking to recruit, train and retain world class cyber personnel.”

Both governments, the US and the Israeli, are improving their cyber capabilities in response to the high number of cyber attacks they suffer daily. The Pentagon has announced a major expansion of its cyber army to defend national infrastructure, as well as to empower offensive computer operations against hostile states.

The US government has decided on an increase of 4,000 personnel for the Defense Department’s Cyber Command; considering that the Command currently consists of 900 specialists, the decision more than quintuples the resources dedicated to operations in cyberspace.

The expansion will create the following three distinct forces under the Defense Department’s Cyber Command:

“national mission forces”, responsible for the protection of the computer systems that support the nation’s power grid and critical infrastructure;
“combat mission forces”, responsible for offensive operations;
“cyber protection forces”, responsible for the security of the Pentagon’s own computer systems.
William J. Lynn III, a former deputy defense secretary who worked on the Pentagon’s cyber security strategy, declared:

“The threat is real and we need to react to it,”

The Pentagon has started various projects and initiatives to involve private companies, universities and even computer-game companies in developing technologies to improve its cyber warfare capabilities.

The Obama administration is investing massively in cyber warfare, preparing its structures to respond to cyber threats and also creating the conditions to launch effective attacks against hostile foreign states. If confirmed, the ‘Olympic Games’ operation is the first example of an offensive conducted in cyberspace without conventional weapons, using digital attacks instead of military operations.

The US has recently started the Plan X project, which will also involve private non-military entities in what is considered “a call to arms”; according to official sources it is more oriented toward protecting the Defense Department’s computer systems than toward disrupting or destroying those of enemies. Plan X is a project of DARPA (Defense Advanced Research Projects Agency), the Pentagon agency responsible for developing new technology for military use.

“Because the origins of cyberattack have been in the intelligence community, there’s a tendency to believe that simply doing more of what they’re doing will get us what we need,”

said Kaigham J. Gabriel, acting director of DARPA.

“That’s not the way we see it. There’s a different speed, scale and range of capabilities that you need. No matter how much red you buy, it’s not orange.”

One of the main aspects of warfare is deep knowledge of the battlefield; for this reason one of the main projects to be financed is the mapping of cyberspace and all the entities that populate it, a map that has to be updated over time to allow precise monitoring of the main areas of battle. Other projects concern the hardening of operating systems, for mobile devices and desktop installations, to resist any kind of cyber attack; US researchers have a clear idea of the OSs of the future, totally different from the ones we ordinarily use.



Many experts maintain that one of the primary targets is to develop a new generation of cyber soldier, an artificial intelligence able to prevent cyber attacks and to conduct powerful offensives automatically. The research program promoted by DARPA has a duration of five years and will be financed with $110 million starting this summer. The agency has allocated a total budget of $1.54 billion from 2013 to 2017 with the specific target of increasing cyber-offense capabilities.

DARPA has recently announced many other interesting projects; one of the most ambitious is the new Cyber Targeted-Attack Analyzer program, which will attempt to automatically monitor the entire defense network without human intervention. Another interesting project is Space Enabled Effects for Military Engagements, also known as SeeMe, which will build a constellation of micro-satellites to provide troops with accurate satellite imaging within 90 minutes.

What is the common theme of the main projects related to cyber warfare capabilities?

Governments all around the world are committed to defining a proper cyber strategy that strikes the optimum balance between a good cyber offense and an efficient cyber defense. Cyber conflicts are characterized by the need for an immediate response to incoming cyber threats; in many cases the reaction must be instantaneous to avoid the destruction of assets and resources.

The human factor and human judgment could introduce delays that are not acceptable in electronic disputes that happen in real time; for this reason the concept of “proactive defense” is assuming fundamental importance. The massive introduction of technology into every object that surrounds us has increased the national attack surface: power grids, telecommunications and every other critical infrastructure are still vulnerable to cyber attacks.

The protection of national infrastructure is one of the primary goals of cyber strategies, but the nature of the possible offense, instantaneous and unpredictable, has highlighted the need to develop automatic defense systems that can independently respond to threats from cyberspace. This option, however, introduces significant problems in terms of “devolution of decision” and “rules of engagement”.

Are we ready to trust machines with such critical decisions?

In September the Homeland Security Department released a Request for Information, RFI-OPO-12-0002, titled “Developing a Capability Framework for a Healthy and Resilient Cyber Ecosystem Using Automated Collective Action”, to gather information from industry and evaluate the current state of technology in the cyber ecosystem environment.

The Department is working with NIST to develop a system capable of applying a defensive concept called Automated Collective Action; following is the definition provided in the document:

“Automated collective action refers to processes in a cyber ecosystem or community of interest (COI) that select (and perhaps formulate) automated courses of action that will be performed by the ecosystem or COI in response to cybersecurity events. Policies, procedures, technology, and a high level of trust are necessary to enable automated collective action. An appropriate level of human intervention might be required to ensure unintended consequences do not result from flawed courses of action. Determining which cybersecurity events are normal and which are unauthorized or malicious remains a major challenge. “

DHS officials declared that the US needs to respond in an automated fashion to automated attacks from cyberspace. The research needs to evaluate the feasibility of a system completely independent in detecting anomalous situations and able to respond in a proportionate manner; thanks to automated processes, the solution has to be able to monitor and respond to cyber threats while maintaining mission-critical operations.

The final target is to replace humans in the decision loop in order to respond to increasingly sophisticated attacks.

On more than one occasion U.S. Defense Secretary Leon Panetta has expressed serious concern about the possibility of a major cyber attack against the country and its critical infrastructure, a scenario aggravated by the economic crisis, which inevitably affects the budget allocated to defense.

The government is planning the biggest cuts to the defense budget of the last decade, around $450 billion over a period of ten years. Persistent rumors speak of a further cut of $500 billion due to the automatic mechanism known as sequestration, triggered after members of Congress failed to reach an agreement to reduce the nation’s deficit.

The cuts represent a serious problem for the development of US capabilities in a delicate historical period, while the principal adversaries of the US, such as Iran, China and also Russia, are investing massively in trying to acquire a strategic advantage in this domain.

In June 2012 Panetta warned of the possible risks deriving from the cuts; on the subject he said:

“It would guarantee that we hollow out our force and inflict severe damage on our national defense. I think you all recognize that sequester would be entirely unacceptable and I really urge both sides to work together to try to find the kind of comprehensive solution that would de-trigger sequester and try to do this way ahead of this potential disaster that we confront,”

“I’m very concerned that the potential in cyber to be able to cripple our power grid, to be able to cripple our government systems, to be able to cripple our financial systems would virtually paralyze this country and as far as I’m concerned that represents the potential for another Pearl Harbor as far as the kind of attack that we could be the target of using cyber,”

The scenario hypothesized by Panetta is realistic and dramatic: a cyber attack against US critical systems could be a disaster. The possible sources of attack are foreign governments, but also cybercriminals or cyber terrorists.

In October Mr. Panetta raised the issue again in strong words: the US was facing the possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to cyber attacks against its critical infrastructure that could cause a catastrophe.

Panetta was particularly concerned by the growth of the Iranian cyber army, which many sources credit with the attacks on Saudi Aramco and which could be able to hit the US on national soil through a cyber attack.

But cyber espionage campaigns are also considered cyber warfare operations; foreign governments may be interested in spying on intelligence agencies and government offices to steal sensitive information. Let’s remember the recent attack on the White House.

Industry and defense subcontractors are also considered strategic targets for state-sponsored hackers who try to acquire intellectual property on military technology.

The world is changing and warfare operations too are shifting to cyberspace; the battlefield has changed and the actors in the new conflicts have totally mutated. The US, like any government, must be prepared for cyber warfare by empowering its cyber capabilities.

source http://securityaffairs.co

Cyber Espionage Campaign against American News Agencies




The news is sensational: one of the most important newspapers, The New York Times, has announced that during the last months it was the victim of cyber espionage coordinated by Chinese hackers, probably state-sponsored attackers.

The attacks coincided with the newspaper’s investigation, published on Oct. 25th, which revealed that relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.

On Oct. 25th AT&T informed The Times of suspicious activity related to ongoing attacks believed to have been perpetrated by the Chinese military.

Jill Abramson, executive editor of The Times, declared:

“Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,”

The hackers tried to compromise journalists’ email accounts to steal sensitive information; what is surprising is that they tried to infiltrate the newspaper’s network using 45 instances of targeted malware, as revealed by the forensic analysis conducted by the security firm Mandiant.

Mandiant experts observed that the attackers began work, for the most part, at 8 a.m. Beijing time and operated through a standard work day; the group also periodically stopped its attacks for a couple of weeks at a time.
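The "8 a.m. Beijing time" observation, made here and in the APT1 post above, comes from looking at when the attackers were active and asking which time zone turns that activity into an ordinary working week. The block below is an added example, not Mandiant's method: it scores a few candidate UTC offsets by the fraction of events that land in a weekday 08:00 to 18:00 window and lists multi-week pauses of the kind the post mentions. The login timestamps, the candidate offset list and the work-window bounds are constructed for the demo; the offsets are fixed and ignore daylight-saving time, which a real analysis of DST-observing zones would have to model.

```python
"""
Work-pattern analysis behind observations like "the attackers began work at
8 a.m. Beijing time": score candidate UTC offsets by how much of the attacker
activity falls in a weekday 08:00-18:00 window, and list multi-week pauses.
Added example, not Mandiant's method; the timestamps are constructed.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Tuple

# Candidate zones as fixed offsets (no DST handling, which a real analysis
# would need for zones that observe it; China does not).
CANDIDATE_OFFSETS: Dict[str, int] = {
    "UTC+8 (Beijing)": 8,
    "UTC+3 (Moscow)": 3,
    "UTC+0 (London)": 0,
    "UTC-5 (US East)": -5,
}


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def in_work_window(local: datetime, start: int = 8, end: int = 18) -> bool:
    """Monday to Friday, start <= hour < end, in the given local time."""
    return local.weekday() < 5 and start <= local.hour < end


def workday_fit(events: Iterable[str], offsets: Dict[str, int]) -> List[Tuple[str, float]]:
    """Fraction of events inside the work window for each offset, best first."""
    stamps = [parse_utc(e) for e in events]
    if not stamps:
        raise ValueError("no events to analyse")
    scores = []
    for name, hours in offsets.items():
        tz = timezone(timedelta(hours=hours))
        inside = sum(in_work_window(t.astimezone(tz)) for t in stamps)
        scores.append((name, inside / len(stamps)))
    return sorted(scores, key=lambda s: s[1], reverse=True)


def quiet_periods(events: Iterable[str], min_days: int = 7) -> List[Tuple[datetime, datetime]]:
    """Gaps of at least min_days between consecutive events, i.e. the
    'stopped for a couple of weeks' pattern; returns (last seen, next seen)."""
    stamps = sorted(parse_utc(e) for e in events)
    gaps = []
    for earlier, later in zip(stamps, stamps[1:]):
        if later - earlier >= timedelta(days=min_days):
            gaps.append((earlier, later))
    return gaps


# Constructed login timestamps (UTC). Feb 18-22 2013 is Monday to Friday; the
# values correspond to roughly 08:30-17:45 Beijing time, then a pause until
# Monday Mar 11.
SAMPLE_EVENTS = [
    "2013-02-18T01:02:11Z", "2013-02-18T03:40:00Z", "2013-02-18T07:15:30Z",
    "2013-02-19T00:30:00Z", "2013-02-19T05:05:05Z",
    "2013-02-20T02:20:20Z", "2013-02-20T09:45:00Z",
    "2013-02-21T01:10:00Z", "2013-02-21T06:00:00Z",
    "2013-02-22T04:30:00Z",
    "2013-03-11T01:00:00Z",
]


if __name__ == "__main__":
    for name, score in workday_fit(SAMPLE_EVENTS, CANDIDATE_OFFSETS):
        print(f"{name:18s} {score:.2f}")
    for start, stop in quiet_periods(SAMPLE_EVENTS):
        print("quiet:", start.date(), "->", stop.date())
```

The fit score is evidence about the operators' routine, not proof of location: a disciplined group can shift its hours, and the input only means something if the timestamps come from a source the attacker did not control (authentication logs, proxy logs) rather than from attacker-supplied file times. It is also why analysts combine it with infrastructure evidence such as the university hops the post describes.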

The New York Times reported:

“The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.”

Jeffrey Carr made an excellent synthesis in a blog post, explaining what the hackers did:

They first accessed the network around September 13
Installed malware that wasn’t detected by Symantec’s anti-virus
They installed backdoors.
Obtained passwords for 53 Times employees who didn’t work in the Times’ newsroom
They “created custom software that allowed them to search for and grab Mr. Barboza’s and Mr. Yardley’s e-mails and documents from a Times e-mail server” but that conflicts with Ms. Abramson’s above statement
The NYT article on the event reported that the hackers were traced back to the same universities used by the Chinese military to attack U.S. military contractors in the past, such as the Lanxiang Vocational School.

Investigators discovered that the hackers cracked passwords to access a number of computers within the network, creating custom software that allowed them to search for and grab Mr. Barboza’s and Mr. Yardley’s e-mails and documents from a Times e-mail server.

David Barboza is the Shanghai bureau chief and the author of the reports on Mr. Wen’s relatives, and Jim Yardley is The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing.

The hackers ran the cyber espionage campaign through a number of compromised computer systems belonging to universities in North Carolina, Arizona, Wisconsin and New Mexico, as well as smaller companies and Internet service providers across the United States, according to Mandiant’s investigators.

The hackers used a Remote Access Tool (RAT); one of the most popular is GhostRAT, used by Chinese hackers in many other operations.

What is surprising is that, of all the malware used, only one trojan was detected by the New York Times’s defenses, provided by Symantec.

Symantec declared that it is very hard to stop such sophisticated attacks:

“Advanced attacks like the ones the New York Times described in the following article, underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions,”

“Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats.”

Symantec confirmed that mitigating these types of attack requires a different approach with extra layers of security; signature-based detection is the principal approach implemented by mainstream AV software, but it is not effective against 0-day attacks.

Many experts agreed that endpoint monitoring alone is no longer sufficient to protect corporations from targeted Advanced Persistent Threats.

Other experts take a different view of whether a solution such as the one provided by Symantec is sufficient to protect internal networks from cyber attacks.

Cyber espionage is a subtle, insidious practice for which it is difficult to trace the real origin of the attacks; China certainly seems to be the main suspect, but any other actor might be interested in infiltrating the networks of the popular newspaper.

source http://securityaffairs.co