GCHQ calls for better defences against Shady RAT

The discovery of a cyber-espionage scheme to steal secrets from critical networks has prompted government signals intelligence agency GCHQ to urge businesses and other organisations to ramp up their online security.

The GCHQ call for the use of effective technical measures comes in the wake of a report by security company McAfee that 72 organisations had been the victim of cyber-espionage attacks over at least a five-year period.

"This report is another reminder of the need for effective cybersecurity," said a GCHQ spokesperson on Thursday. "The networked world offers huge potential for boosting growth, international trade and economic and social development worldwide. But in order to realise these benefits, cyberspace must be a trusted place to do business and share ideas."

McAfee warned that Operation Shady RAT, which aimed to steal intellectual property and information ranging from critical national infrastructure data to Olympics plans, was likely to have been perpetrated by a "state actor", or nation state. McAfee drew this conclusion after considering the range of organisations that were targeted, but it declined to speculate about which country was behind the attacks.

GCHQ said that "attribution for attacks in cyberspace is always difficult", and that global co-operation is needed to mitigate them. It added that an upcoming international government conference in London should help to establish what constitutes acceptable behaviour in cyberspace. The conference is scheduled for 1 and 2 November.

The McAfee report revealed attacks against a number of organisations, including the UN, various US federal agencies, a UK defence contractor, and a UK computer security company.