Shady RAT World Wide Hacking

Recently McAffe published a worldwide hacking report about what they are calling Shady RAT.

The United Nations, Olympic committees, governments, U.S. real estate company, a major media organization based in New York, a satellite communications company and other companies around the world, totaling 72 organizations, have been hacked by a “state actor”.

While there are suspicions as to which country was involved,it has not yet been proven. McAfee’s vice-president of threat research, Dmitri Alperovitch, wrote in a 14-page report that, “Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators. What is happening to all this data … is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat.”

What was also revealed that there were 11 command and control servers mostly based in Beijing or Shanghai. This bit of news should scare every company who thinks about moving their company’s files, customer data and/or intellectual property to the cloud. Data is becoming the new currency of the virtual world and criminals what it. The cloud is so tempting because the most value can be stolen from a single intrusion. What can be more attractive than a network with massive amount of data? Here are the major issues with cloud systems:

Where is the actual data being stores? Most servers are located off shore.
Companies have no control over how the data is partitioned, protected or isolated.
Companies don’t know what backdoors or spyware that is running in the server either intentionally or through a cyber attack.
Attacks may go unreported because the same U.S. privacy laws don’t apply in foreign countries.
Many times attacks are done through careless employee activities. Just look at Privacy Rights Clearinghouse for examples.
With well over 535 million potential victims of having their personal information compromised, the cost of a breach to a company averaging over $7.2 million and new privacy legislation being enforced to add even more regulation and financial burdens on business, don’t expose yourself to a targeted attack.

Here are some things you can do:

Encrypt all data on every computer and server.
Implement multi-factor authentication technologies like smartcards.
Train employees on the importance of security and what it can mean to their own employment.
Bring in IT security experts to monitor and evaluate your overall network security. While in-house IT is important, security requires specialists.
While nothing can 100% prevent a breach, however the goal is to throw in enough barriers to get the cyberthieves to look elsewhere and to mitigate any damage that they can cause.

Here are some sites that you can visit to find out more about Shady Rat.

Symantec
McAfeer
Computer World
WebPro Newsr
About Access- Smartr
Did you know that 35% of all data breaches are a result of lost, stolen or compromised personal computers? That means that although companies invest in numerous technologies to protect their information, they have a 35% gap in their security plan on PC’s.

Our product, Power Logon, assists in reducing financial and business risks associated with data privacy legislation compliance. By law (e.g. HIPAA, HITECH, FACTA, PCI, etc.) companies/education/gov’t entities must protect their customer’s and employee’s Personally Identifiable Information (PII). Failure to do so can cost these organizations, and their executive boards, millions of dollars in fines, fees and lost customers.

Please call us at 949-218-8754 for your no-obligation consultation.