Tuesday, April 12, 2011

The RSA Attack

I've worked with RSA Security since my days as an informatics fellow when I first used SecurIDs as part of my early health information exchange work.

Just as I was transparent about the CareGroup Network Outage in 2002, RSA has shared all the details of their recent security breach.

It all started with a well-crafted phishing email to a non-technical staff member with the subject line “2011 recruitment plan”.

Attached to the email was an Excel spreadsheet that contained an exploit for a known vulnerability in Adobe Flash.

The exploit installed a hard-to-detect remote administration tool named Poison Ivy on at least one RSA computer. The end result was that an attacker gained access to the RSA network.

The attackers moved from system to system harvesting accounts until they came across those users who had highly privileged access to sensitive systems and data.

An internal staging system was “created” to collect, encrypt and transmit back up lists of usernames/passwords to systems.

Confidential material related to SecurID technology was FTPed to a remote site.

The attackers have not been identified.
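
As an added example (not code from RSA or from this post), here is a mail-gateway style triage check for the kind of attachment described above: an Excel file carrying embedded Flash content. It assumes a legacy OLE2 (.xls) container with the Flash object stored uncompressed inside it; the function names, the version bound and the sample bytes are constructed for illustration.

```python
import struct

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 container (.xls/.doc)
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")      # uncompressed, zlib, LZMA
FLASH_PROGID = "ShockwaveFlash.ShockwaveFlash"  # Flash ActiveX control ProgID


def find_swf_headers(data, max_version=50):
    """Return offsets of plausible SWF headers inside a byte string."""
    hits = []
    for sig in SWF_SIGNATURES:
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                length = struct.unpack("<I", header[4:8])[0]
                # SWF header: 3-byte signature, 1-byte version, 4-byte
                # little-endian length. The bounds (an assumed heuristic)
                # filter out random three-letter matches.
                if 1 <= version <= max_version and length >= 8:
                    hits.append(pos)
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def triage_attachment(name, data):
    """Flag Office attachments that carry embedded Flash content."""
    is_ole = data.startswith(OLE_MAGIC)
    progid = (FLASH_PROGID.encode("ascii") in data
              or FLASH_PROGID.encode("utf-16-le") in data)
    swf_offsets = find_swf_headers(data)
    return {
        "name": name,
        "ole_container": is_ole,
        "flash_progid": progid,
        "swf_offsets": swf_offsets,
        "quarantine": is_ole and (progid or bool(swf_offsets)),
    }


# Constructed sample bytes (not a real document and not an exploit).
_swf = b"CWS" + bytes([10]) + struct.pack("<I", 4096) + b"\x78\x9c" + b"\x00" * 16
SAMPLE_FLAGGED = OLE_MAGIC + b"\x00" * 504 + _swf
SAMPLE_CLEAN = OLE_MAGIC + b"\x00" * 504 + b"Quarter,Headcount\n"
```

A raw byte scan like this only sees content stored uncompressed in the container, so ZIP-based formats such as .xlsx would need to be unpacked first.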

The attack was remarkably sophisticated and illustrates the evolution of cybercrime over the past 10 years. Here are the four principal stages of that evolution:

1st Generation – Because I can
Worms, defacement of web sites

2nd Generation – I can make money
Botnets appear, denial of service attacks, seeking payment to stop attacks

3rd Generation – Organized crime
Large-scale management of attacks, coordinated use of tools and techniques, trojans, worms, phishing, targeted attacks

4th Generation – Selling the tools
Tools to perform attacks become “vended” with 24/7 support available, botnet rentals, sophisticated ID theft services, licensed malware appears, exploit knowledge is sold. Social networks just for cybercriminals appear. Cybercrime supply chains are formalized and fine-tuned.

I've described security as a Cold War - the faster we implement protections, the faster the cybercriminals innovate.

Thanks to RSA for sharing their experience with the rest of the industry.
