Posted: 2 Min ReadExpert Perspectives

Symantec Enterprise: We Deliver Updated Protection Every Day to Our Customers

Protection is better than detection

Last week, the Australian Prime Minister Scott Morrison announced that an “Ongoing, “unprecedented” hack was being executed by a “sophisticated, state-based cyber actor against the Australian Government.”  Called the Copy-Paste compromises, it was hard to miss the news – every news agency in the country reported on the attacks and it dominated news headlines in the days following.

While these types of attacks happen around the world every day, it’s rare to see them make headlines in such an intense way. For Symantec, whether these attacks reach the public arena or not, it’s our job to follow these incidents.  And the good news is that Symantec already had you protected, well before the Australian Prime Minister announced these attacks publicly.

We deliver updated protection every day to our customers. The goal is to get protection into the field to prevent the threat from getting into our customer’s environment.  While there is a huge industry focus on detection, finding threats that evade protection, and rightfully so, protection is always preferable.  It’s better to block a threat than find it persistent in your network.  And the cost in resources and damage to the organization is significantly less.

We deliver updated protection every day to our customers. 

 Part of our best practices is to go through Indicators of Compromise (IOCs) that are shared with us to make sure we have protection in place.   Critical to having the worlds’ largest threat intelligence network is not only the amount of data you can collect yourself.  We do collect massive amounts of data from honeypots, activity monitoring nodes and our own telemetry.  And analysis of this data is responsible for the bulk of our threat intelligence and drives our protection.  But that’s not all that contributes to our threat intelligence. Good intelligence also requires good relationships.  And Symantec has long-standing sharing arrangements with Internet registrars, hosting and service providers, CERTs, government partners, and security vendors.

Based on our analysis of the IOCs and samples of the malware we have acquired, our customers were already protected and had no need to scramble.  Protection was in place. And remains so.    

We’ll continue to monitor the situation, as we do all incidents.  We’ll continue to keep our protection up to date and ahead of the bad guys. 

A list of the protections in place against the “Copy-paste” attack are listed below:

AV:

  • Trojan.Gen.2
  • Trojan Horse
  • Trojan.Gen.MBT
  • Backdoor.Trojan
  • Hacktool.Rotpotato
  • Hacktool.Jsprat
  • W97M.Downloader
  • Downloader
  • WS.Malware.1
  • WS.Malware.2
  • WS.SecurityRisk.1

IPS coverage on vulnerabilities exploited (as identified by ACSC):

  • CVE-2019-18935: [32288] Web Attack: Telerik UI CVE-2019-18935
  • CVE-2019-19781: [31961] Web Attack: Citrix ADC RCE CVE-2019-19781
  • CVE-2019-0604: [31531] Web Attack: Microsoft SharePoint RCE CVE-2019-0604

Email (Skeptic):

  • Trojan Horse
  • Backdoor.Trojan
  • Trojan.Mdropper
What’s Next for Cyber Security and Symantec?
Symantec Enterprise Blogs
You might also enjoy
Expert Perspectives2 Min Read

Why MITRE ATT&CK Matters

This collaborative framework offers defenders a common language to talk about tactics and techniques to foil Advanced Persistent Threats

Symantec Enterprise Blogs
You might also enjoy
Product Insights4 Min Read

SES Complete: Add To Your SOC Toolkit For Greater Visibility and Efficiency with Symantec

Symantec introduces new tools to improve SOC effectiveness

About the Author

Kevin Haley

Director, Symantec Security Response

Kevin Haley is responsible for ensuring the security content from Symantec’s Global Intelligence Network is actionable for its customers;including focus on education in security issues and incorporating the security content into Symantec’s enterprise products.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.