Although it may be easy to jump to (wrong) conclusions, especially regarding attribution of these attacks, a number of disturbing facts remain:

• Many actors have an interest in knowing what stories will be published in advance, ranging from stock brokers to nation states
• Revealing reporters’ sources by way of hacking into their accounts may have dire consequences for the sources, including torture and death. Most countries have laws protecting them for this very reason, but hacking circumvents all protection.
• News outlets are rather small companies with limited budgets and limited resources for protecting their networks against determined attackers
• News organizations are extremely vulnerable to attacks in which malicious code is supplied to employees by way of email attachments or links in email. Reporters use email and online sources all the time. It’s part of their daily business.

What can news and other organizations do to protect themselves?

By now it should be clear that relying only on endpoint security in a standard configuration is not enough to stop determined attackers with enough resources and skills. We need additional controls and monitoring to defend against them. Remember, they can try a thousand times and need to be successful only once. In defense we need to be successful every time. Watching who accesses data and from where, monitoring network traffic, and being suspicious about unusual activities (who exactly in your network is supposed to upload gigabytes of data to somewhere on the Internet?) are key to detecting and blocking such attacks. A security information and event management (SIEM) solution can be helpful there, especially if your human resources for monitoring are limited.

How many publications outside the United States have been victims of similar attacks? It’s very likely publications around the globe are being attacked or “pwned” as I’m writing this. You may want to check for anything unusual and protect against attacks that could hit you as well.

Global Footprint

The June report found evidence of millions of attempted transactions leveraging Zeus and SpyEye malware against financial institutions in the United States and the Netherlands. This new study documents the origin of these campaigns at a hosting provider in Kemerovo, Russia, with heavy connections to Albania and China. A key finding in our new research was that malicious infrastructure was reused in independent attacks. Both the starting point in Russia and a hosting provider in San Jose, California, have been involved in other Zeus botnet activity. Tracking these malicious activities can provide useful indications, “telltales,” of future events.

Beta Testing

Prior to conceiving Operation High Roller, our data shows that the fraudsters actively participated in early automated transfer systems against consumers and some business accounts and actively used Zeus and SpyEye in these attacks. These initial efforts were likely their test ground to gain knowledge of financial systems and their various fraud prevention practices. After initial experimentation, these groups evolved to more sophisticated techniques. Many of them actively used automated transfer system code against numerous European banks in late 2011, followed by the Winter and Spring 2012 attacks we documented in our first Operation High Roller report.

Next stop: ACH

Financial institutions, regulators, and security researchers should expect the likely next target to be Automated Clearing House payment channels. The fraudsters will build on the methods, malware, and infrastructure employed in Operation High Roller, laced with new ideas and locations to be discovered. We should be looking for any signs of “test cases” against these systems and tracking interactions to uncover malicious sites and infrastructure.

Legacy IT Solutions

While Chinese enterprise has traditionally used local, less expensive resources to create IT solutions, these solutions have quickly become obsolete and are inhibiting. As such, there is a push towards standardization and leveraging international vendors.

Accelerated IT Growth

Rapidly growing verticals within China include insurance, healthcare, and critical infrastructure, which all require a significant level of IT investment and often involve the exchange of highly sensitive consumer information. As a result, Chinese organizations need to address regulatory mandates such as PCI and Chinese SOX or C-SOX, in addition to security concerns.

Rapid Mobile Adoption

With the rapid adoption of mobile devices for personal and business use in China, leveraging solutions to enhance mobile security are becoming essential across every business vertical and with consumers.

Potential Solutions

To aid in the modernization and standardization of Chinese IT infrastructure, McAfee offers multilayer data center solutions for centralized, distributed, virtualized and cloud-based architectures. Through a combination of McAfee endpoint, network, and data-centric controls as well as partner solutions within McAfee’s Security Innovation Alliance (SIA) program, security can be delivered at a reduced cost and in less time.

For China’s rapidly growing verticals, solutions like McAfee data loss prevention (DLP) can provide controls at a network and endpoint layer to ensure that sensitive data doesn’t accidentally or intentionally leak out of an organization. On the compliance side, McAfee Database Activity Monitoring (DAM) provides specific controls that help address a number of requirements related to PCI and C-SOX, helping organizations understand how users are interacting with sensitive data.

Finally, to aid in the rapid adoption of mobile devices in China, McAfee provides controls to protect mobile device data loss and threats that target smartphones, tablets and laptops alike. These solutions can be leveraged for streamlined provisioning and revocation and improved access control.

Please visit McAfee Security Connected for more information about McAfee Security Connected Reference Architecture, and follow @McAfeeBusiness on Twitter for future updates.

The sprawling campus, about the size of the Pentagon, will include offices, call centers, restaurants, and living spaces, as well as at least seven enormous data centers. The move is a sign that organizations and countries are starting to step up efforts to grow the IT infrastructure to meet the surging demand for cloud computing and other data services. Funded by the government, China’s cloud city will be mainly utilized for government departments but also opened to private industries upon its estimated completion in 2016.

Is this a sign that data cities will become the newest feature of the urban oasis – powering a world that lives and breathes on the Internet?