Security experts at computer security firm McAfee have reportedly uncovered a massive cyber-espionage operation carried out over a period of five years. The operation called 'Operation Shady RAT' resulted in security breach at 72 government bodies, international organizations and corporations. According to Reuters, the victims include governments of Canada, India, South Korea, Taiwan, United States (U.S) and Vietnam and international bodies such as Association of Southeast Asian Nations (ASEAN), International Olympic Committee (IOC) and United Nations (U.N). Dmitri Alperovitch, Vice President Threat Research at McAfee Corporation, reportedly made the revelations in a 14 page report.
Attackers also targeted several companies across various industries, which the computer security company has chosen, not to disclose. Alperovitch reportedly wrote that even the company was surprised by the diversity of the targeted companies. U.S based companies were most affected by 'Operation Shady Rat'. The breaches started around 2006 and still continue. The intrusion reportedly lasted for several months. The computer security firm was able to trace the details of the attacks through logs stored on a command and control server, first identified in 2009. IT professionals across various industries must constantly improve their skills through e-learning and online degree programs to deal with varied threats.
Such attacks result in disclose of confidential proprietary information related to technologies and business operation. Intellectual Property plays a critical role in the success of an organization. Intellectual Property provides strategic advantage to organizations over their competitors.
The computer security firm has not ruled out the possibility of involvement of a nation state in the biggest cyber-intrusion saga. At the beginning of the year, Google claimed that it has suffered cyber-attacks from a nation state. Earlier in the year, McAfee had released a report on attacks on Global Energy companies, wherein attackers targeted major oil, energy and petrochemical companies. Terming the operation as 'Night Dragon Attacks', the company said that attackers attempted to steal project-financing and proprietary information through a combination of various attacks, which include active directory compromises, remote administration tools (RAT), spear phishing and Windows exploits. Organizations must create cyber security awareness among the staff through training programs, workshops and encouraging them to benefit from online university degree programs.
Organizations must conduct in-depth and regular evaluation to remediate security flaws and strengthen the IT infrastructure. Professionals qualified in computer science degree may help in improving the security practices in the organization.