Today McAfee released a report (PDF File) called Operation Shady RAT highlighting what it claims to be evidence of ongoing attacks against commercial and government organisations all around the world. These victims also include the United Nations secretariat and the Olympics Committee for an Asian country. It appears the attacks have been ongoing since mid-2006 and impacted at least 72 identified organisations. According to McAfee “petabytes” of data ranging from classified government material, intellectual property rights and including information relating to oil and gas exploration fields.
At first glance the information sounds alarming and highlights online espionage at an unprecedented level. However, if we analyse the information further perhaps this report is nothing new and simply re-affirms what has been happening for years. Espionage, be it at the industrial or nation state level, has been ongoing for centuries. Countries have always spied on each other and companies in highly competitive markets have been known to do it also. The widespread proliferation of IT within many organisations has simply provided those agents with a new vector that they can exploit.
So while the McAfee report makes for interesting reading lets not panic and learn some lessons from it, such as;
- Always keep your anti-virus software up to date
- Ensure that all software is patched and up to date
- Provide regular security awareness training to users so they are not easily tricked by phishing emails
- Monitor the logs of your servers and firewalls for suspicious activity and act upon any anomalies
Shady RAT is not the first case of electronic espionage and it won’t be the last.