
Symantec defiant after New York Times hackers evade antivirus defences

Only one Trojan detected, newspaper said

Symantec has offered a carefully worded but defiant response to the news that one of its customers, the New York Times, was attacked by Chinese hackers with barely any intervention from its software.

Earlier today, the newspaper revealed that hackers probably connected to the Chinese military had spent four months trying to hack into the email accounts of dozens of its journalists, entering the network via compromised PCs.

Forensics carried out by the paper's security consultant Mandiant showed that the weapon of choice was 45 pieces of targeted Trojan malware, only one of which was detected by the installed Symantec antivirus software.

Clearly sensitive to the issue, Symantec's response has been to issue a statement implying that such sophisticated attacks could only be stopped using a layered security approach.

"Advanced attacks like the ones the New York Times described in the following article, underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions," read a statement.

"Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats."

Symantec did not say whether the New York Times had access to those extra layers of security, nor why they would not have been configured if they had. Signature-based AV remains the core of most endpoint security.

It is unlikely that either side will want to be drawn into an embarrassing public argument and so no more will likely be heard of the matter.

Commenting on the hacks, BAE Systems Detica's Cyber Security MD David Garfield agreed that endpoint monitoring was no longer sufficient to protect organisations from targeted Advanced Persistent Threats or APTs that use Advanced Evasion Techniques (AETs) to hide.

"Organisations shouldn't ask what their security tools are telling them, but ask what they are not telling them; that can only be done by monitoring and analysing their networks for evidence of compromise," he advised.

The question, then, is less why Symantec's software didn't spot the attacks than how any conventional antivirus software could do a better job under the same pressure.
