SecurityWeek

RSA Breach: Not the First, Not the Last

Go ahead and click on the Viagra emails you’ve been warned about. Hackers don’t need to appeal to your libido to break into the company computer system. They have other compelling ways. These days they’ve been hanging around inside the network, building up profiles on company employees. By the time they have enough information and let loose their malware, you won’t even know that you were an unwilling accomplice in an advanced persistent threat.


Very recently, RSA revealed that it had been victimized by an APT. Company investigators said the attack resulted in sensitive customer information being extracted from RSA’s systems, in particular critical information related to its SecurID two-factor authentication products, which are used by approximately 30,000 customers worldwide. Two-factor authentication combines an online password with a second form of authentication, such as an access card, for online security.

How do hackers do it? Hackers get into companies like RSA through APTs by first acquiring sufficient information about a particular user. Once the hacker feels there is enough information, the hacker sends out a compelling email with an attachment or link. You would never think it was a fake, as it is something the user would expect, and it appears to come from someone they know.

So, it could say, “John, here is the information about the Ottawa office and here are some details. Click on the link.” The email appears to have come from inside the company. So, a user clicks on it and malware is downloaded to the computer.

At this point, the hacker has access to your computer.

The SecurID technology has been unbreakable for many years, but if the attackers have access to the source code, they’ll have all the time in the world to reverse engineer it and study how the system works.

Eventually, they will figure out the algorithm and break into the rest of the company. What we need to remember is that most firewalls are configured for what is called stateful inspection. This means everything coming into the company network unsolicited is blocked, but internet traffic going out is not. Once you open up that compelling email, it becomes a case of “you called me and invited me into your house.” Because I am using an encrypted channel like SSL, the technology inside most companies cannot locate me. I am a ghost, and I can use your computer to search other company computers.

Let’s say the hacker wants access to specific information and the computer he hijacked doesn’t have the proper rights. He’ll have to find someone else in the company, like a CEO or someone in IT, with access. From there, he can craft another compelling email and the victim will also open the link to the attachment, thereby inviting the malware. Now the hacker can hop from computer to computer.

Gone are the days of enticing people with Viagra or Cialis. Now it is about building up enough information about a target to make emails look real and compelling. Someone wanting to get inside your network can send you a convincing email saying, “It was great meeting you at a certain event,” an event you actually attended. Most of the time they’ll offer you a link to photographs. Or they get in through Twitter with a shortened URL, which is very hard to detect.


Are hackers more advanced? No, but they have found easier ways to hit their targets. The only way around this is to train company employees in security awareness and educate them on the different types of hacking. This isn’t happening as much as it should, given overworked employees and high turnover.

This knowledge is important outside of the office, when employees go home. For example, an employee downloads a BitTorrent client on the corporate laptop. The next morning he returns to work and connects. Now the company system is running BitTorrent software, and hackers can get into the company and identify weak spots. Even with training, employees are still the number one threat to a company, even after they are terminated. A disgruntled former employee could collaborate with a talented hacker for revenge. There is no way to stop a hacker; we can only make it harder. They always go for the lowest-hanging fruit. If a new authentication mechanism is hard to break, they are going to bypass the security by trying to locate a weakness somewhere else in the system.

In the next few years we can expect to see three-factor authentication. We will see more biometrics technology. For example, let’s say an iPhone user wants to log in to the corporate network via his phone through the built-in camera. Three-way authentication could mean facial recognition, fingerprint recognition and a password. You will need all three to match before the authentication will authorize you. This could be part of a company’s new defense strategy, for as long as it keeps hackers away.

For companies, the way around this is to constantly test and assess, have some type of 24/7 alarm system, and deploy security information and event management (SIEM) so that the traces attackers leave in logs are actually seen.
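An added example (not from this column) that ties the stateful-inspection point above to the alarm-system point here: because outbound SSL on port 443 is allowed and its payload cannot be inspected, a SIEM rule can still use connection metadata, here the timing of an internal host’s repeated sessions to one external address. The log format, addresses and thresholds are constructed assumptions.

```python
# Added example: a toy beaconing detector over constructed firewall egress log lines.
# Stateful firewalls allow the outbound side, so the only signal left is metadata:
# one internal host opening sessions to one external address at a steady interval.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines (assumed format: time src dst dport action).
SAMPLE_LOG = """\
2011-03-17T09:00:00 10.0.5.21 203.0.113.9 443 ALLOW
2011-03-17T09:00:03 10.0.5.21 198.51.100.7 443 ALLOW
2011-03-17T09:05:00 10.0.5.21 203.0.113.9 443 ALLOW
2011-03-17T09:07:41 10.0.5.30 198.51.100.7 443 ALLOW
2011-03-17T09:10:01 10.0.5.21 203.0.113.9 443 ALLOW
2011-03-17T09:12:12 10.0.5.21 198.51.100.7 443 ALLOW
2011-03-17T09:14:59 10.0.5.21 203.0.113.9 443 ALLOW
2011-03-17T09:20:00 10.0.5.21 203.0.113.9 443 ALLOW
2011-03-17T09:31:05 10.0.5.30 198.51.100.7 443 ALLOW
"""

def parse_log(text):
    """Yield (timestamp, src, dst, dport) for each ALLOWed outbound line."""
    for line in text.splitlines():
        ts, src, dst, dport, action = line.split()
        if action == "ALLOW":
            yield datetime.fromisoformat(ts), src, dst, int(dport)

def find_beacons(text, min_hits=4, max_cv=0.1):
    """Return (src, dst, dport, mean_gap_seconds) for flows with at least
    min_hits connections whose gaps are regular: coefficient of variation
    (stdev / mean of the gaps) at or below max_cv. min_hits matters: a flow
    seen only twice has a single gap and is trivially 'regular'."""
    flows = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        flows[(src, dst, dport)].append(ts)
    hits = []
    for key, stamps in flows.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((*key, round(avg)))
    return hits

if __name__ == "__main__":
    for src, dst, dport, period in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst}:{dport} every ~{period}s")
```

Real deployments use longer windows and allow-lists for known update and SaaS endpoints, which also connect on a schedule.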

The danger is getting worse, and most breaches are detected three months later, even though traces of the attack have been in the logs the entire time. Hackers have penetrated the Nasdaq and the government, and hacked into the U.S. watchdog company HBGary. It is only a matter of time before these hacktivist groups say enough is enough and shut down the U.S. government, the financial systems or the electricity grid. This is the future terrorist attack. With so many companies being violated, hacking has become a harsh reality. I tend to agree with Doug Kass, the well-respected hedge fund manager who predicted that a successful cyber attack on financial systems is inevitable and could potentially lead to significant losses for many as a result.

To borrow a phrase from Die Hard 4, “The future is holding a fire sale.”
