New York Times targeted attack shows anti-virus failure

The sustained advanced attack against the New York Times by  Chinese attackers demonstrates failure in anti-virus, security professionals say.

The attack came in retaliation to a negative story published about the wealth of outgoing leader Wen Jiabao.

The hackers used methods associated with the Chinese military to breached The Times' network, experts said.

They broke into the email accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Wen's relatives, and Jim Yardley, The Times' South Asia bureau chief in India, who previously worked as bureau chief in Beijing.

Attackers installed 45 pieces of custom malware on the systems, set up at least three backdoors into users' machines and stole staff account details.

Symantec anti-virus identified only one instance of the malware, Mandiant said.

Symantec said in a statement said the attack highlighted the need for a "full capability of security solutions".

“Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough."

Dimension Data UK security director Chris Jenkins said anti-virus needs to be smarter and broader.

“With an APT (Advanced Persistent Threat)  they are sophisticated and harder to track and understand, this is the way things have changed,” he said.

 “Users are looking for anomalies of traffic and trying to signal activities, even if it is only happening to one. Users need to share information and while some are working together, this should happen more."

BAE Systems Detica cyber security managing director David Garfield said traditional security technology such as firewalls and anti-virus were never designed to counter the attacks.

“Organisations shouldn't ask what their security tools are telling them, but ask what they are not telling them; that can only be done by monitoring and analysing their networks for evidence of compromise.”

Signature-based anti-virus tackles a problem that is largely irrelevant today, NCC Group chief executive Rob Cotton said.

"Security budgets must be spread across a range of mitigation strategies, such as thorough employee education, whitelisting authorised software, data loss prevention and third party security.”

This article originally appeared at scmagazineuk.com