Cyberespionage campaigns, designed to infiltrate businesses and remain stealthy on corporate systems for months and sometimes years, is a serious issue, but often not the kind of attack disclosed to the public by organizations that have been infiltrated, according to security experts. The New York Times reported Thursday that its computer systems were infiltrated after legitimate account credentials were stolen from reporters and other employees. Once inside, the attackers used the valid credentials to remain stealthy on the systems, slipping past corporate antivirus and other security systems. It's an attack technique that's been repeated numerous times in recent years and commonly associated with documented high-profile data breaches, said George Tubin, senior security strategist at Boston-based security firm, Trusteer.
Here's a closer look at how the New York Times attack went down, as well as advice on how companies can reduce the risk of a cyberattacks in their organizations.