While McAfee's recently released "Shady RAT" report concentrated on the victims of a mass cyberespionage ring, another researcher has decided to focus his attention on the adversaries behind such attacks. In a video recorded last week at the Black Hat conference in Las Vegas, Joe Stewart of Dell SecureWorks explains how he was able to trace 60 families of custom malware thanks to error messages yielded by a "connection bouncer" tool used by the hackers to hide their tracks, but which inadvertently pointed back to about a dozen command-and-control centers hosted by ISPs in China. Two of the malware families are known to have been used in the RSA SecurID breach. "It gives you a better line on attribution," Stewart told SCMagazineUS.com.
With the rise of state-sponsored espionage and advanced persistent threats, security pros must divert their attention from deploying perimeter-focused security toward raising the cost for attackers once they're already inside.
The latest high-profile advanced persistent threat victim is Adobe, after "sophisticated threat actors" were able to infiltrate a build server to access the company's code-signing infrastructure. The compromised cert is to be revoked.
The New York Times Co. is the latest victim of an advanced persistent threat attack after the paper disclosed that hackers roamed its systems for four months, looking for correspondence related to a single story.