Sign up for our newsletter
Technology / Cybersecurity

McAfee hits back in Shady RAT row

Security firm McAfee has responded to criticism of its Operation Shady RAT report and accused Eugene Kaspersky of "missing the point" of its investigation.

Earlier this month McAfee revealed details of a massive cyber attack that had hit over 70 governments and organisations across the world during a five-year period. McAfee vice-president of Threat Research Dmitri Alperovitch said the advanced persistent threat (APT) was, "the biggest transfer of wealth in terms of intellectual property in history."

Eugene Kaspersky, founder and CEO of Russian security firm Kaspersky Lab, criticised the report, calling it "alarmist". "We conducted detailed analysis of the Shady RAT botnet and its related malware, and can conclude that the reality of the matter (especially the technical specifics) differs greatly from the conclusions made by Mr. Alperovitch," Kaspersky wrote.

White papers from our partners

"We consider those conclusions to be largely unfounded and not a good measure of the real threat level. Also, we cannot concede that the McAfee analyst was not aware of the groundlessness of the conclusions, leading us to being able to flag the report as alarmist due to its deliberately spreading misrepresented information," he added.

Kaspersky also criticised McAfee’s suggestion that a single state was behind the attack due to its inexpensive and unsophisticated nature.

Now McAfee has gone on the offensive and hit back at Kaspersky’s comments.

Writing on the company’s blog, vice president & chief technology officer, Global Public Sector at McAfee Dr. Phyllis Schneck said: "[Kaspersky is] missing the point. This attack was exposed so honest global communities can be aware of the urgency of cross-sector cyber-resiliency."

"We lack the alacrity to defend against this threat without public-private collaboration, which begins with global awareness-the very thing we must promote to protect our way of life. It is unfortunate that Mr. Kaspersky takes issue with providing information to the public," Schneck added.

"Would it be alarmist to let a bank know that someone has just walked out with a wad of cash while they weren’t paying attention? It doesn’t matter how sophisticated the attack is if it results in material loss. If a bank robber gets $100 million by walking in the front door with a gun, it’s news-not because the attack is novel, but because of its effectiveness," the blog continued.

Schneck also suggested Kaspersky may have got his security threats confused when criticising McAfee’s report.

"Speaking of technical arguments, apparently Mr. Kaspersky has gotten it in his head that Shady RAT is a botnet. Really? Unfortunately for Mr. Kaspersky, he is getting botnets and advanced persistent threats confused. In this case, the APT should be really be called an SPT (Successful Persistent Threat). It was only as advanced as it needed to be."

The company also called on its rivals to work together to improve security.

"We invite critics to join with McAfee and our greater global community and focus on what we can do collectively to keep organisations safe from these types of attacks, prosecute and lower the profit model for the adversaries, and to protect our critical infrastructures and way of life worldwide."
This article is from the CBROnline archive: some formatting and images may not be present.