Symantec Responds to New York Times China Hack Report

Jan 31, 2013 1:23pm

Computer security giant Symantec is responding today to a report by The New York Times in which the news outlet said Symantec’s anti-virus software failed to identify dozens of pieces of malicious code that were installed on the Times’ network by Chinese hackers.

In the Times’ report, published Wednesday, the paper said that “over the course of three months” attackers managed to install 45 pieces of malicious software, or malware, and Symantec’s anti-virus software only caught and quarantined one of them.

READ: New York Times Alleges Chinese Hack Attack

The Times reported that Symantec declined to comment for their story, as is in line with their policy against commenting on customers. But today the California-based company released a statement saying that using only anti-virus software is not enough to face today’s threats.

“Advanced attacks like the ones The New York Times described… underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions,” a spokesperson for Symantec said in an email to ABC News. “Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”

Chris Paden, another Symantec spokesperson, told ABC News that their current software security includes “reputation-based” technology designed recognize common hacker behavior and can stop the attackers from getting in from the start.

“Anybody running the latest security software… will be in a better position to protect themselves,” Paden said.

Mandiant, the cyber security company hired by The Times to eventually oust the hackers, said it is unclear how the attackers got into the system to begin with, but they suspect a common tactic known as spearphishing was used. Spearphishing involves a hacker tricking someone on the inside of the target network into clicking a link or downloading an emailed document that is laced with hidden malware.

MORE INFORMATION: Spearphishing Explained at Mandiant.com

Around the same time the Times published their report on the alleged Chinese hack, Symantec published a warning about spearphishing to industry officials in the aerospace and defense industries.

The company wrote that unidentified hackers were targeting “individuals in important roles” and attempting to trick them into downloading a report on the outlook of their industry. The report looked real enough, Symantec said, and emails even appeared to have been forwarded by colleagues.

The problem, Symantec said, is that once downloaded, the document automatically installs malicious code that’s capable of stealing system information, among other things.

According to a long-held dictum often repeated by security researchers, one of the best ways to protect computers from viruses is to be extremely suspicious of any attachments or links in emails, even if they appear to come from friends.

MORE INFORMATION: Spearphishing Attack Targets Aerospace and Defense Industry

You are using an outdated version of Internet Explorer. Please click here to upgrade your browser in order to comment.
blog comments powered by Disqus