Canada to streamline IT services after Shady RAT

Ottawa plans to merge government e-mail systems and data centers to boost security after being named victim in large-scale cyber attack, report reveals. Security vendors say McAfee's label of Shady RAT attack as "largest ever" remains inconclusive.
Written by Tyler Thia, Contributor

Canadian authorities have announced plans to streamline the country's e-mail programs and network services to boost security following "revelations of breaches in network security", according to an AFP report.

Quoting the country's public works minister, Rona Ambrose, the report said government institutions in Canada were planning to merge more than 100 different e-mail systems into a centralized program to beef up security infrastructure and lower costs of maintenance.

When completed, the number of information systems will be reduced from the current 300 to fewer than 20, and the 3,000 electronic networks currently used between government agencies will also be trimmed. The Canadian government said it would take two years to complete the streamlining process, which would yield savings of between US$100 million and US$200 million.

The country was named as one of several victims in a wide-scale cyberattack, dubbed Operation Shady RAT (remote access tool), which was orchestrated over the past few years, according to a report this week by IT security vendor McAfee.

Impact of Shady RAT inconclusive
While top international organizations, including the United Nations, World Anti-doping Agency and International Olympic Committee, were identified as victims of Shady RAT, security vendor Sophos rebuked McAfee for labeling the cyberattack as "the biggest ever".

Sophos said there was "nothing surprising" in the report as it was well known that companies were targets of hackers who would install malware to gain remote access to computers and data.

Senior technology consultant Graham Cluley said in a blog post that while 72 international organizations were named as victims, McAfee's report did not state what information was stolen or how many computers at each business were targeted.

The Sophos executive highlighted the "severity" of Shady RAT in comparison with last week's incident, in which personal data was stolen from 35 million social networking users in South Korea, whose population is estimated to be 45 million.

Symantec went one step further to document the attacks, saying it had "identified the initial attack vectors, the threats used and how the attack was staged."

A blog post by Symantec employee Hon Lau revealed that the attackers sent out e-mail messages with malware-laden attachments to trick employees into downloading and opening the Excel or Word files.

Once completed, the Trojan would connect with the attacker's remote server to stage attacks or retrieve data from the infected computer.

Symantec said the victims' information was freely available because the attackers did not secure their server properly and installed various Web traffic analysis tools on the system, allowing investigators to see statistics about computers contacting the command and control server to download command files.

The blog post mentioned that the motive and identity of the attackers remain unknown as both the victims and servers used to carry out the attacks were located around the world.