Bit9

As I blogged about back in March, the RSA breach of its SecurID technology could be just one phase in a long-term series of attacks on sensitive computer networks. This weekend, Lockheed Martin disclosed that it was the latest target in a sophisticated cyber attack that may have involved a breach of its RSA security tokens. At the time, I theorized that “attacking the end terminal and monitoring both the user passwords and token codes might be enough for an attacker to assume a user’s identity.”

While the details of this latest attack are not fully known, it appears that an attacker was able to get a keylogger installed on a system and use the captured information, along with knowledge of the RSA token generation algorithm, to breach the Lockheed Martin network. If true, this is the worst-case scenario for the RSA SecurID system: it would mean that a single point of attack can defeat the two-factor authentication the security tokens are meant to provide.

Soon after the RSA breach, the NSA recommended that defense contractors put additional passwords in place to access critical systems. Again, as I discussed in my blog on multi-factor authentication, simply having more passwords provides no significant additional protection. If the reports are true and a keylogger was used in the attack, it wouldn’t matter if Lockheed Martin had required 20 passwords – all of them would be captured by the same initial infiltration.

How did the keylogger get installed in the first place? It has been suggested that the attack came from a remote system that connected to the Lockheed Martin network via a VPN. This would not surprise me. If you are going to attack a secure network, your best bet is to go after its most vulnerable endpoints, which often means remote machines or computers connecting from a sub-contractor, where the systems are not under the direct control of the target’s security department.

In any case, is it possible that whoever attacked Lockheed was also responsible for the RSA attack? Absolutely. We are living in an age of state-sponsored, sophisticated, and organized cyber enemies. They plan and carry out multi-phase attacks across different targets and over long periods of time. And it is almost certain that such an attacker will continue to target high value systems.
