/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: McAfee, Inc. today released guidance to help organizations determine if they were targeted in the same sophisticated cyber attack that hit a growing list of companies, including Google. The high profile cyber attack, linked to China by Google, targeted valuable intellectual property.
“This is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations,” said McAfee Worldwide Chief Technology Officer George Kurtz. “It is a watershed moment in cybersecurity because of the targeted and coordinated nature of the attack. As a result, the world has changed; organizations globally will have to change their threat models to account for this new class of highly sophisticated attack that goes after high value intellectual property.”
As part of the fallout of the attack, Windows users currently face a real and present danger due to the public disclosure of a serious vulnerability in Internet Explorer. McAfee was the first to discover and announce that an Internet Explorer vulnerability was a key vector in the attack on Google and others.
Unfortunately, the risk has been compounded because the attack code that exploits this Internet Explorer vulnerability has now been posted in the public domain, increasing the possibility of widespread attacks. McAfee technologies provide protection against current threats related to the attack on Google and others.
How to know if your organization was compromised
Over 30 organizations have reportedly been targeted by the same attack that hit Google and the list of victims continues to grow. McAfee calls the cyberheist “Operation Aurora” and today provided detailed guidance to help organizations determine if they were impacted by the attack, which occurred over the December holidays and into early January.
McAfee’s guidance involves two steps:
1) If you are a McAfee customer, verify that you are using the latest threat definition files and perform a full scan on all machines within your enterprise.
2) Inspect network traffic history for communication with external systems associated with the attack.
3) Examine computers for specific files or file attributes related to the attack.