The monthly e-zine from Astec Computing - April 2011
0800 0150 971

Hackers excel in RSA cyber attack

Hackers have exploited a vulnerability in Adobe's Flash Player using Microsoft Excel documents to target various organisations, the most notable victim being SecurID makers, RSA Security.

According to a security advisory issued by Adobe, attackers exploited an unpatched bug by “embedding malicious Flash files within a Microsoft Excel document sent as an e-mail attachment”.

It is alleged that the attackers breached RSA’s security and gained access by sending two small groups of RSA employees emails with these spreadsheets attached. The email was then opened by an employee, thereby inadvertently letting the hackers loose into the network.

Wolfgang Kandek, a technology expert, commented on the situation, claiming the hackers probably used Excel files because people generally don't expect this kind of document to be part of a hacking strategy. He said “hackers use whatever mechanism makes sense, and Excel files are generally trusted documents. So [the Excel document] is just part of the social engineering element here”.
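
The advisory quoted above describes Flash files embedded in Excel attachments. The following Python check is an added example, not code from Astec, Adobe or RSA, showing how a mail gateway could flag an Excel file that carries a Flash object; the function names, the quarantine policy and the sample bytes are assumptions constructed for illustration.

```python
import re
import struct

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 container used by .xls files
# SWF header: "FWS" (plain) or "CWS" (zlib), 1 version byte, 4-byte LE length.
SWF_HEADER = re.compile(rb"(FWS|CWS)([\x01-\x40])(.{4})", re.DOTALL)
FLASH_PROGID = "ShockwaveFlash"  # ProgID prefix of the Flash ActiveX control


def find_embedded_flash(data):
    """Return findings that suggest a Flash object is embedded in `data`."""
    findings = []
    for m in SWF_HEADER.finditer(data):
        declared = struct.unpack("<I", m.group(3))[0]
        remaining = len(data) - m.start()
        # An uncompressed SWF must fit inside the file; CWS declares its
        # uncompressed size, so only the lower bound can be checked for it.
        if declared <= 8 or (m.group(1) == b"FWS" and declared > remaining):
            continue  # text that merely contains "FWS"/"CWS"
        findings.append({"kind": "swf-header", "offset": m.start(),
                         "version": m.group(2)[0], "declared_len": declared})
    for encoding in ("ascii", "utf-16-le"):
        offset = data.find(FLASH_PROGID.encode(encoding))
        if offset != -1:
            findings.append({"kind": "flash-progid", "offset": offset})
    return findings


def triage(data):
    """Hypothetical gateway policy: hold Office files that carry Flash."""
    if data.startswith(OLE_MAGIC) and find_embedded_flash(data):
        return "quarantine"
    return "deliver"


# Constructed samples, not real attachments: an OLE header followed by padding
# and either a minimal SWF header or ordinary text containing "FWS".
SUSPECT = OLE_MAGIC + b"\x00" * 504 + b"FWS\x0a" + struct.pack("<I", 32) + b"\x00" * 24
BENIGN = OLE_MAGIC + b"\x00" * 504 + b"Quarterly FWS figures for the board"

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(sample), find_embedded_flash(sample))
```

A raw byte scan is a heuristic: streams inside a compound file can be split across sectors, so a hit warrants inspection with a proper OLE parser and a miss does not prove the file is clean.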

Hacking the anti-hackers

RSA’s two-factor authentication devices have developed a sound reputation over the years, providing greater levels of security to consumers, with some of the world’s largest organisations, including governments, banks and medical facilities all using their SecurID devices. The devices work by generating pseudorandom numbers that users input to prove they are indeed who they claim to be, in addition to supplying their password, hence a two-prong (or ‘two-factor’) system.

Following the incident, RSA published an open letter on its website to customers advising them that the effectiveness of the technology had indeed been compromised in what they said they believed to be an “Advanced Persistent Threat” (APT) to their systems. In the letter, Executive Chairman, Art Coviello, claimed that RSA was “confident that the information extracted [in the breach would] not enable a successful direct attack on any of our RSA SecurID customers”, but went on to warn that the information “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation”.

The fight against cybercrime - how robust is your armour?

Whilst Adobe has since patched Flash and also updated Adobe Reader, and RSA has taken swift steps to reassure its customers that their data is safe, this incident must surely serve to demonstrate that no organisation can rest on its laurels in the fight against cybercrime.

In general the number of malicious attacks continues to grow, and an extract available from last year’s Internet security report reveals these sobering figures:

• 286 million - number of unique variants of malware detected
• 1 million - number of zombie computers controlled by Rustock botnet
• 260,000 - average number of personal identities exposed in each corporate attack
• 6,253 - number of new software vulnerabilities that could be used by criminals
• 42% - increase in the number of vulnerabilities on smartphones
• 14 - number of never-before-seen 'zero day' vulnerabilities that first turn up in malware

The following are just two practical ways in which you can help yourself in the fight against cybercrime. However, if you have specific concerns about your own network security, please contact us on the telephone number below.

1) Don’t rely on anti-virus and spyware software alone - these should be the last line of defence. Instead look to prevent the success of an attack by denying it the platform to execute. Be proactive with robust patching and configuration control across the network or ask us to perform these procedures for you.

2) Religiously analyse system logs and events - if an attack is so new that the vendor is not aware of it or has not had time to issue a fix, then the only chance of detecting the activity is by looking for the unusual behaviour to be found in the many log files of perimeter and network devices. As with the very best cat burglar, no matter how good the attackers are, a piece of evidence is always left behind somewhere. Speak to us today for more information.

Astec Computing (UK) Ltd
Astec House, Sedlescombe Road South,
St Leonards-on-Sea, East Sussex,
TN38 0TA
Tel: 01424 460721
Fax: 01424 430888
Email: enquiries@asteccomputing.co.uk
Company registered in England no. 2906412