Hensley says he is uncertain how the malware infiltrated the target networks, but it did so with instructions to find certain files. Once it did, it contacted a command-and-control server hosted in a cloud provider's network, which downloaded HTML files instructing the malware to send the data to six Internet drop sites, two in the U.S. and four in China, where they were picked up.
CISOs should perform internal penetration testing to find out whether employees are engaged in attacks against their own employers, Hensley says. He cited the case of the hacker activist group Anonymous, which called for a volunteer-based distributed denial-of-service attack against specified targets using a tool called Low Orbit Ion Cannon.
He says a client of SecureWorks found that employees downloaded LOIC to their work PCs and let it launch distributed DoS attacks. SecureWorks notified all its other customers about the case so they could be on the lookout. "Needless to say, the people who did it were fired," he says.