McAfee global security scare is due to criminal enterprise

"With automation, large intrusions of this magnitude are, sadly, common," comments Amichai Shulman, CTO and co-founder of Imperva. "Our most recent blog entry indicates 90 victims from a campaign that encompassed probably hundreds of thousands of potential targets over a few weeks of activity. Another recent campaign encompassed millions of compromised pages over thousands of sites over a few weeks of activity," he adds. Shulman believes that, rather than governmental involvement, this is targeted criminal hacking. "Botnet farmers are massively infecting computers by automated 'spear phishing' campaigns. Then hackers are able to profile the infected machines by organisation and sell machines to other hackers, who look for specific targets," he explains. He asserts that, in this way, the infection is only partly targeted. "However," he says, "those who use the payload eventually do target a specific organisation. It is important to make this distinction, because, unlike the commentary in the paper, I don't think that the adversary is really putting a lot of effort targeting a single organisation. It wouldn't be cost effective." According to Shulman, McAfee did "a great job getting the data, less so analysing it". That matters, he says, because correct analysis of motivation and methods is instrumental in allowing organisations to put the right controls in place. "Clearly the main issue here is infected machines connected to internal networks and accessing internal data sources," states Shulman. "This kind of threat emphasises the need for tighter control and audit around internal data sources – either database servers or file servers. "Database and file server monitoring solutions allow [companies] to detect abusive access patterns from within the organisation and apply access controls that cannot be bypassed by privileged users," he concludes.