Dealing With “Operation Aurora” Related Attacks

Sunday, January 17, 2010 at 1:47pm by George Kurtz

At McAfee we continue to work around the clock, investigating the attack we call “Operation Aurora” that hit multiple companies and was publicly disclosed by Google on Tuesday, January 12, 2010.

As I have written before, I believe this is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations. While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero-day exploits. What really makes this a watershed moment in cybersecurity is the targeted and coordinated nature of the attack, with the main goal appearing to be to steal core intellectual property.

The list of organizations reported to have been hit by the cyberattack continues to grow. As a result, many companies and governments are asking us how they can determine if they were targeted in the same sophisticated cyberattack that hit Google. The high profile cyberattack, linked to China by Google, targeted valuable intellectual property.

We’re also getting a lot of questions about the yet-to-be-patched vulnerability in Internet Explorer that was exploited in the cyberattack. That’s an important question as well, because Internet Explorer users currently face a real and present danger due to the public disclosure of the vulnerability and release of attack code, increasing the possibility of widespread attacks.

To help our customers respond to this threat, McAfee published a special Web page at http://www.mcafee.com/operationaurora with information about Operation Aurora and to answer questions related to protection and remediation.

Meanwhile we’re waiting for Microsoft to provide a fix for the serious vulnerability in Internet Explorer. Typically Microsoft releases security fixes on a monthly basis on what’s known as Patch Tuesday, the second Tuesday of every month. However, Microsoft is known to release patches out of cycle if there is a serious threat to its customers. The Microsoft team has been very responsive and I continue to thank them for their efforts. It will be interesting to see if this vulnerability forces an out-of-cycle patch update. We shall see…

We will continue to investigate Operation Aurora and watch for any attacks that exploit the Internet Explorer vulnerability. Internet users should be cautious with clicking links and opening e-mails that may be malicious. As hackers like to exploit current events, one attack we should watch out for, as despicable as it may sound, would be the combination of a phished email that exploited the IE vulnerability delivered as a “solicitation for donations” to help the struggling Haitian people.

We are already starting to see the bad guys mobilize their efforts to take advantage of the earthquake in Haiti. Our research teams have noted an increase in search engine scams and malicious sites are starting to appear. We have also seen e-mail scams related to Haiti as well as a spike in registration of domain names that refer to the Haiti disaster in some way. I hope we will be spared such attacks, but proceed with caution.

To get real time updates on this story follow me on Twitter at http://www.twitter.com/george_kurtzCTO

George


Comments (2)

  • Adam Johnson January 19, 2010 3:00PM

    I just got a spoof email that claimed to be from George Kurtz – reasonably legitimate looking, no obvious spelling or grammatical errors, with links with the visible text of www.mcafee.com/aurora, with a target of now.eloqua.com/

    Other links were to app.en25.com/, including a footer img src=

    The link to your Twitter web page was accurate however.

    • Joris Evers January 19, 2010 6:59PM

      This is actually a legitimate e-mail from McAfee that was sent using a third party. We apologize for any confusion and thank you for asking us whether this is real or not.
      Joris Evers
      McAfee