Feeds

Krebs nabs ‘RSA attack’ list

Hundreds of networks hit

3 Big data security analytics techniques

When RSA’s network security was breached earlier this year, the result wasn’t only the replacement of its SecurID tokens all over the world.

At the time, specialists believed that similar techniques could have been deployed against other victims who mostly didn’t go public. Only a handful of stories confirmed the use of information gained in the “RSA hack” to other targets – such as Lockheed-Martin and L-3 Communications.

Now, Krebs On Security has published a list of networks that carried attack traffic of some kind, either because hosts on the networks were compromised, because malicious traffic traversed the networks from other sources, or because researchers were building infected machines to observe their phone-home behaviour.

Most of the command servers were in China, he writes, with a handful in South Korea, the USA, Brazil, India, Italy, Pakistan and the UK.

As Krebs notes publishing the list, it has to be interpreted carefully. It would, for example, be unfair to assume that Trend Micro or Cisco’s IronPort business were compromised when they were more likely to be researching the attacks. Even so, his report states that around 20 percent of America’s Fortune 500 companies are on the list (keeping in mind, however, that some of those are the likes of Cisco, or telcos whose networks weren’t compromised but whose customers were).

The analysis is based on sources of traffic being sent back to the control machines used in the attack against RSA, and identified traffic sources by their AS names (that is, the names by which the networks advertise their routes).

Krebs notes the presence of names like Facebook, Amazon and Wells fargo on the list, as well as government departments in several countries, and a bunch of academic networks.

The Register’s scan of the list for Australian companies only identifies carriers (AAPT, Amnet, Pacific Internet, Macquarie Telecom, Telstra, TPG Internet, Westnet, Verizon Australia and Optus subsidiary Uecomm among them) and data centres (Micron21). ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.