Is attack against Google (and others) a world-changing event?
George Kurtz, McAfee's worldwide chief technology officer, has blogged about how the Internet Explorer vulnerability - called "Operation Aurora" - was exploited, and going so far as calling it a "watershed moment" for cybersecurity.
"What really makes this is a watershed moment in cybersecurity is the targeted and coordinated nature of the attack with the main goal appearing to be to steal core intellectual property," said Kurtz.
Click here for the complete content of Kurtz' blog.
For me, this feels a lot like the 1993 movie, Groundhog Day, with Bill Murray. It hasn't even been a year since security and operations chastised our industry for over-hyping Conficker. McAfee seems intent on stirring the FUD pot over the latest zero-day exploit in Internet Explorer. Is this déjà vu all over again?
But now word comes that Google -- the literal and figurative face of this exploit -- is investigating the possibility that some of its employees in the China office may have facilitated the attack. Google won't comment on the ongoing investigation, but Reuters is reporting that some Google China employees were denied access to internal networks after January 13, while some staff were put on leave and others transferred to different offices in Google's Asia-Pacific operations.
Watershed event for cybersecurity? I don't know. Competitors have tried to steal one another's intellectual property through illegal means since some caveman figured out a better way to make fire. What we know today is that to neutralize this exploit, you need to apply MS10-002. Do it today.
Director, Product Marketing