
Symantec defiant after New York Times hackers evade antivirus defences

Only one Trojan detected, newspaper said

Symantec has offered a carefully worded but defiant response to the news that one of its customers, the New York Times, was attacked by Chinese hackers with barely any intervention from its software.

Earlier today, the newspaper revealed that hackers probably connected to the Chinese military had spent four months trying to hack into the email accounts of dozens of its journalists, entering the network via compromised PCs.

Forensics carried out by the paper's security consultant Mandiant showed that the weapon of choice was 45 pieces of targeted Trojan malware, only one of which was detected by the installed Symantec antivirus software.

Clearly sensitive to the issue, Symantec has responded with a statement implying that such sophisticated attacks could only be stopped using a layered security approach.

"Advanced attacks like the ones the New York Times described in the following article, underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions," read a statement.

"Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats."

Symantec did not say whether the New York Times had access to those extra layers of security, nor why they would not have been configured if they had. Signature-based AV remains the core of most endpoint security.

It is unlikely that either side will want to be drawn into an embarrassing public argument and so no more will likely be heard of the matter.

Commenting on the hacks, BAE Systems Detica's Cyber Security MD David Garfield agreed that endpoint monitoring was no longer sufficient to protect organisations from targeted Advanced Persistent Threats (APTs) that use Advanced Evasion Techniques (AETs) to hide.

"Organisations shouldn't ask what their security tools are telling them, but ask what they are not telling them; that can only be done by monitoring and analysing their networks for evidence of compromise," he advised.

The question, then, is less why Symantec's software didn't spot the attacks than how any conventional antivirus software could do a better job under the same pressure.

