In August, a McAfee analyst detailed Operation Shady RAT, a hacking operation that targeted more than 70 organizations across at least 14 nations.
Researcher Dmitri Alperovitch characterizes the operation as commonplace, not unusual at all. ”This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing,” he wrote.
Eugene Kaspersky, founder and CEO of the extremely capable Kaspersky Labs, criticized the disclosure by McAfee. He characterizes the malware behind Shady RAT as a “lame piece of homebrew code that could have been written by a beginner.”
Was it the most sophisticated attack ever? Was it the longest-lasting attack ever? Was it a historically unprecedented transfer of wealth? Is there proof that 71 organizations were compromised and had data leaked? Was it backed up by a state? Does Shady RAT deserve much attention?
To all of these questions, Kaspersky replies “No” and downplays the significance of the threat.
And yet the controversy over whether this is alarmist reporting by an Anti-Virus vendor that potentially stands to benefit the more freaked out we get – only highlights the real issue: we are getting hacked every day in attacks that span the entire spectrum of sophistication.
Writing about a relatively unsophisticated method of breach is not crying wolf – or shouting fire – just to incite false hysteria. It’s doing the job of an information security professional, spreading the news of how the criminals are getting to our data and hoping, in the process, that more principals of our data infrastructure understand that we are vulnerable, every day, to getting hacked – and then take immediate steps to apply countermeasures.
Every single adult on the planet knows that fire is dangerous. But surprisingly few understand the dangers of criminal hacking. It’s up to us to spread the word.
What do you think?