Symantec on The New York Times Attacks: Antivirus Software Alone Is Not Enough

There's a very important lesson to be learned from this incident

By on January 31st, 2013 10:15 GMT

Earlier today, we have learned that the computer networks of The New York Times were persistently attacked by Chinese hackers after the newspaper published a report about the wealth of China’s Prime Minister Wen Jiabao.

The Times had been using antivirus software from Symantec to protect its computers, but 45 pieces of custom malware used by the attackers avoided detection.

Symantec has come forward with a statement explaining that organizations can’t rely solely on antivirus software if they want to ensure that their systems are properly protected against cyberattacks.

“Advanced attacks like the ones the New York Times described in the article, underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions,” the security solutions provider explained.

“The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats,” the company added.

“We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.”

On the other hand, as F-Secure’s Chief Research Officer Mikko Hypponen highlighted a few months ago, nation-sponsored threats such as Stuxnet and Flame are like James Bond.

“Stuxnet and Flame look like James Bond, the government-funded attacker with unlimited budget, with the latest and greatest technology, with unlimited resources, with the best possible training. And if James Bond wants to kill you, James Bond will kill you,” Hypponen explained at the time.

If Mandiant – the company in charge of investigating the cyberattacks on The New York Times – is right and the attacks are supported by the Chinese military, it would be safe to say that this is a “James Bond.”

Comments