McAfee Tracks Aurora Attack on Google Services

McAfee is investigating a cyberattack it calls “Aurora” that took advantage of a vulnerability that exists in several versions of Microsoft Internet Explorer (IE) and Windows. Aurora hit multiple companies, including Google, by delivering malware that exploits a previously unknown weakness in IE that allows remote code execution.

Once the malware was downloaded and installed, it opened a back door that allowed the attacker to perform reconnaissance and gain complete control over the compromised system. According to Google, which was one of roughly 20 companies targeted by the attack, it originated from China. The hackers reportedly attempted to gain access to the Gmail accounts of U.S., China-, and Europe-based Chinese human rights activists as part of what many believe to be ongoing cyber-espinonage.

Google says only two accounts appear to have been accessed in this attack, but third parties have routinely been breaking into the Gmail accounts of Chinese human rights activists via phishing scams and other means besides the new IE security vulnerabilities.

According to McAfee, this new type of malware attack, which it calls “advanced persistent threats” (APT), is replacing worms as the most severe cybersecurity threat today. APTs can infect, conceal access, siphon data or modify data without detection.

Every company in any way involved in providing Internet access or holding sensitive data in online databases needs to be fully aware of APTs and take every step possible to counteract them. Although Microsoft has offered a series of steps users can take to minimize the threat of the specific IE and Windows vulnerability exploited by the Aurora attack, non-expert users are clearly going to need a more automated approach from vendors to help prevent their sensitive data from being compromised.