Saturday, August 13, 2011

Lots has hAP(T)ened since... Kill those Shady RATs...

Well, it's been a long time since my last post and lots has happened since. Where should I start...

Earlier this year there were details released about Operation Night Dragon.

Mandiant released its second M-Trends report ("when prevention fails"), also mentioned on Businesswire. There were also some new, interesting "State of the Hack" and "Fresh Prints of Malware" presentations.

And most recently, there was lots of news about the "Operation Shady RAT".
Read Ira Winkler's article about it and make your own opinion.
I'd like to cite one paragraph of it:
"This is the root of the problem with how security vendors are dealing with the chronic issue of APT. They treat their customers' misery as their own intellectual property. Companies that investigate APT-related attacks rarely share their findings. They don't exchange information about the most recent malware obfuscation techniques, the best methods to identify compromised systems, the newest malware signatures, etc. Instead, they keep most of the information to themselves and treat it as a competitive advantage. What sharing there is falls far short of what would be required to encourage a robust response capability."
So what are Indicators of Compromise (IOCs) good for? Well, if they only get used by one security company, they can't reach the full potential.
Or are IOCs widely used and shared and I just don't know about it? Please let me know.

And then there's yet another interesting paper linked in there, which I've previously found, but haven't fully read yet.
"Far more information about this sort of thing came out in 2009, when The US-China Economic and Security Review Commission released a Northrop Grumman-prepared report called "Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation". That paper is infinitely more informative than anything that any security company has been willing to disclose."
Well, now it's time to read it. (before it gets too outdated)

No comments:

Post a Comment