The real Shady RATs: Vendors who eat each other

Security vendors who attack the validity of McAfee's "Shady RAT" report need to stop being hypocritical and move on.

This post will not be a defense of McAfee. I'm among those who believe the Shady RAT report is over-hyped. I have a lot of respect for McAfee's research team, and consider some of them friends. I also don't doubt a lot of their findings. It's the packaging I question.

McAfee calls Operation Shady RAT a five-year hacker attack against a broad swath of industries. The vendor says the bad guys hacked 72 companies and organizations in 14 countries in a massive campaign to steal intellectual property and national secrets.

We already knew this was happening. McAfee just delivered us more statistics in a new box. It's like when a band that's been around forever releases a "greatest hits" album every few years. The packaging is different, but the tunes are the same, just in a different order.

Now that I've gotten that out of the way, here's my bigger point:

McAfee is not a special case. I see vendors retread old news like this all the time. Attacking McAfee over Shady RAT is pure hypocrisy.

I get hundreds of press pitches a week from firms claiming to have discovered new, big attacks that are simply variations of all the attacks that came before.

Symantec researcher Hon Lau wrote a blog post about the "truth" with Shady RAT, writing:

While this attack is indeed significant, it is one of many similar attacks taking place daily. Even as we speak, there are other malware groups targeting many other organizations in a similar manner in order to gain entry and pilfer secrets. While there is a need for information, there will always be those ready to supply it. We may not always know the true motivations and identities of those behind these attacks, but we can work to exploit mistakes they make in order to get a better view of what they are doing and bring us one step closer to tracking them down.

Going back to my earlier question, is the attack described in Operation Shady RAT a truly advanced persistent threat? I would contend that it isn’t.

That's usually the reaction I have after reading one of Symantec's frequently-released threat reports. Nothing new here. Move along.

Eugene Kaspersky was especially harsh about the McAfee report, calling it alarmist and flawed.

"We consider those conclusions to be largely unfounded and not a good measure of the real threat level," Kaspersky said.

Everyone is entitled to their opinions. I have no problem telling you mine, and I'm sure that can get a bit irritating.

But when vendors attack other vendors, it just comes across as cheap, childish and useless.

Here's a tip to my vendor friends:

Instead of picking each others' research apart, why don't you focus on the more useful stuff, like improving the quality of your own products and the manner in which you communicate risk to your customers?

The customers can care less if you think a competitor's report is off the mark. All they care about is whether you're doing everything possible to earn the money they pay you.

--Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO's Daily Dashboard gives you a

Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

Insider: How a good CSO confronts inevitable bad news
Join the discussion
Be the first to comment on this article. Our Commenting Policies