Dealing With “Operation Aurora” Related Attacks by George Kurtz

Sunday, January 17, 2010 at 1:47pm by Archive

At McAfee we continue to work around the clock, investigating the attack we call “Operation Aurora” that hit multiple companies and was publicly disclosed by Google on Tuesday, January 12, 2010.

As I have written before, I believe this is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations. While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero-day exploits. What really makes this a watershed moment in cybersecurity is the targeted and coordinated nature of the attack, with the main goal appearing to be to steal core intellectual property.

The list of organizations reported to have been hit by the cyberattack continues to grow. As a result, many companies and governments are asking us how they can determine if they were targeted in the same sophisticated cyberattack that hit Google. The high profile cyberattack, linked to China by Google, targeted valuable intellectual property.

We’re also getting a lot of questions about the yet-to-be-patched vulnerability in Internet Explorer that was exploited in the cyberattack. That’s an important question as well, because Internet Explorer users currently face a real and present danger due to the public disclosure of the vulnerability and release of attack code, increasing the possibility of widespread attacks.

To help our customers respond to this threat, McAfee published a special Web page at http://www.mcafee.com/operationaurora to provide information about Operation Aurora and to answer questions related to protection and remediation.

Meanwhile, we’re waiting for Microsoft to provide a fix for the serious vulnerability in Internet Explorer. Typically Microsoft releases security fixes on a monthly basis on what’s known as Patch Tuesday, the second Tuesday of every month. However, Microsoft is known to release patches out of cycle if there is a serious threat to its customers. The Microsoft team has been very responsive and I continue to thank them for their efforts. It will be interesting to see if this vulnerability forces an out-of-cycle patch update. We shall see…

We will continue to investigate Operation Aurora and watch for any attacks that exploit the Internet Explorer vulnerability. Internet users should be cautious with clicking links and opening e-mails that may be malicious. As hackers like to exploit current events, one attack we should watch out for, as despicable as it may sound, would be the combination of a phished email that exploited the IE vulnerability delivered as a “solicitation for donations” to help the struggling Haitian people.

We are already starting to see the bad guys mobilize their efforts to take advantage of the earthquake in Haiti. Our research teams have noted an increase in search engine scams and malicious sites are starting to appear. We have also seen e-mail scams related to Haiti as well as a spike in registration of domain names that refer to the Haiti disaster in some way. I hope we will be spared such attacks, but proceed with caution.

To get real time updates on this story follow me on Twitter at http://www.twitter.com/george_kurtzCTO

George


Comments (2)

  • Adam Johnson January 19, 2010 3:00PM

    I just got a spoof email that claimed to be from George Kurtz – reasonably legitimate looking, no obvious spelling or grammatical errors, with links with the visible text of www.mcafee.com/aurora, with a target of now.eloqua.com/

    Other links were to app.en25.com/, including a footer img src=

    The link to your Twitter web page was accurate however.

    • Joris Evers January 19, 2010 6:59PM

      This is actually a legitimate e-mail from McAfee that was sent using a third party. We apologize for any confusion and thank you for asking us whether this is real or not.
      Joris Evers
      McAfee