Symantec defiant after New York Times hackers evade antivirus defences

Only one Trojan detected, newspaper said

Symantec has offered a carefully worded but defiant response to the news that one of its customers, the New York Times, was attacked by Chinese hackers with barely any intervention from its software.

Earlier today, the newspaper revealed that hackers probably connected to the Chinese military had spent four months trying to hack into the email accounts of dozens of its journalists, entering the network via compromised PCs.

Forensics carried out by the paper's security consultant Mandiant showed that the weapon of choice was 45 pieces of targeted Trojan malware, only one of which was detected by the installed Symantec antivirus software.

Clearly sensitive to the issue, Symantec's response has been to issue a statement implying that such sophisticated attacks could only be stopped using a layered security approach.

"Advanced attacks like the ones the New York Times described in the following article underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions," read a statement.

"Turning on only the signature-based anti-virus components of endpoint solutions alone is not enough in a world that is changing daily from attacks and threats."

Symantec did not say whether the New York Times had access to those extra layers of security, nor why they would not have been configured if they had. Signature-based AV remains the core of most endpoint security.

It is unlikely that either side will want to be drawn into an embarrassing public argument and so no more will likely be heard of the matter.

Commenting on the hacks, BAE Systems Detica's Cyber Security MD David Garfield agreed that endpoint monitoring was no longer sufficient to protect organisations from targeted Advanced Persistent Threats (APTs) that use Advanced Evasion Techniques (AETs) to hide.

"Organisations shouldn't ask what their security tools are telling them, but ask what they are not telling them; that can only be done by monitoring and analysing their networks for evidence of compromise," he advised.

The question, then, is less why Symantec's software didn't spot the attacks than how any conventional antivirus software could do a better job under the same pressure.
