back to article 'Chinese cyberspies' target energy giants

Five global energy and oil firms have been the target of "coordinated covert and targeted cyberattacks" by hackers based in China, according to net security firm McAfee. The five unnamed petrochemical giants are confirmed victims of the so-called Night Dragon attacks, which began before November 2009 and remain ongoing. …

COMMENTS

This topic is closed for new posts.
Happy

Great firewall

Maybe the rest of the world should erect its own "great firewall" and cut China off from the worldwide internet. While we're at it, cut off N. Korea too (loads of crap comes from there too).

I have blocked ALL traffic from China for years now. If you MUST let them have access then set up a seperate, minimalist system that they can spam/hack that won't matter so much.

1
0
Flame

Judging From My Experience With Corporate Germany

...this report could be fully true, except for the "McAfee solutions for the problem" part.

Instead of having a proper (ie speedy, pervasive) patch policy in place, the corpos have two-factor-authentication, x-ray machines to check the bag you bring in and restrictive physical access policies.

Worker's PCs have age-old firefoxes, age-old Flash and age-old JavaWebstart versions installed. Exfiltration by Google Mail's SSL is certainly possible. Spearphishing would be the easiest thing one can imagine.

One example:

http://www.businessweek.com/pdfs/2008/0816_spearphishing.pdf

The management people don't want to be bothered with the problem, they do not want to develop social and technological solutions which would reconcile security with business efficiency. All they are willing to do is to shell out money for some Magical Device, which would fend off the threat at the firewall. Because this does not require interacting with these smelly unshaved computer folks.

I know that there exist sophisticated firewall-level detection technologies, but they do not block an attacker who is aware of them. For example, a Firefox-based malware could first use an exploit in the Javascript engine to start itself and then use another exploit to persist itself into the cache of Firefox. Only after running for a long time (hours, days) the exploit would do its malicious work. How is a firewall-based "Firefox Simulation Sandbox" supposed to detect that ?

A sophisticated AppArmor- or Sandboxie-based solution could thwart this attack. But that would require more than writing a cheque. It would require these "skilled executives" to use their brain cells. Horrible !

0
0
This topic is closed for new posts.

Forums