Actu
New York Times and WSJ hacked – FireEye comments
February 2013 by FireEye
The New York Times has been the victim of a cyber attack, which successfully infiltrated the newspaper’s networks to capture employee passwords as part of an advanced ‘spy campaign’. The attack, thought to originate from China, allegedly went undetected for a period of four months. The sophisticated attack breached defences that were in place and prompted the newspaper to lay blame at the door of its security provider, Symantec. Symantec has since issued statement claiming that “anti-virus software alone is not enough” and suggesting that it is up to companies to “make sure they are using the full capability of security solutions.”
In the second reported hack on a major American newspaper in a matter of days, news has also broken of an attack on the Wall Street Journal. It is believed that hackers – also thought to originate in China – have succeeded in infiltrating the computer systems of the news outlet.
Jason Steer, EMEA Product Manager and Architect at FireEye – a global leader in stopping advanced cyber attacks – has made the following comment:
“In today’s climate of highly sophisticated IT security threats, it is important that companies understand that anti-virus and other traditional security defences are increasingly ineffective against advanced persistent threats (APTs). Advanced targeted attacks not only penetrate defences, but also spread laterally and establish a long-term foothold in the network. The cyber economic advantage is therefore with offence – as the cost to launch an attack is often negligible, while the cost to defend against every possible attack is high.
“With the odds stacked against businesses, it is vital that companies – particularly those with intellectual property and other highly sensitive assets to protect – are taking into account the advanced, targeted nature of today’s threat. As we can see, hackers of varying levels have become very adept at overcoming traditional forms of security. A comprehensive strategy that includes both traditional and proactive signature-less solutions is the only way to truly bolster defences against attackers.”
