Feeds

Krebs nabs ‘RSA attack’ list

Hundreds of networks hit

Secure remote control for conventional and virtual desktops

When RSA’s network security was breached earlier this year, the result wasn’t only the replacement of its SecurID tokens all over the world.

At the time, specialists believed that similar techniques could have been deployed against other victims who mostly didn’t go public. Only a handful of stories confirmed the use of information gained in the “RSA hack” to other targets – such as Lockheed-Martin and L-3 Communications.

Now, Krebs On Security has published a list of networks that carried attack traffic of some kind, either because hosts on the networks were compromised, because malicious traffic traversed the networks from other sources, or because researchers were building infected machines to observe their phone-home behaviour.

Most of the command servers were in China, he writes, with a handful in South Korea, the USA, Brazil, India, Italy, Pakistan and the UK.

As Krebs notes publishing the list, it has to be interpreted carefully. It would, for example, be unfair to assume that Trend Micro or Cisco’s IronPort business were compromised when they were more likely to be researching the attacks. Even so, his report states that around 20 percent of America’s Fortune 500 companies are on the list (keeping in mind, however, that some of those are the likes of Cisco, or telcos whose networks weren’t compromised but whose customers were).

The analysis is based on sources of traffic being sent back to the control machines used in the attack against RSA, and identified traffic sources by their AS names (that is, the names by which the networks advertise their routes).

Krebs notes the presence of names like Facebook, Amazon and Wells fargo on the list, as well as government departments in several countries, and a bunch of academic networks.

The Register’s scan of the list for Australian companies only identifies carriers (AAPT, Amnet, Pacific Internet, Macquarie Telecom, Telstra, TPG Internet, Westnet, Verizon Australia and Optus subsidiary Uecomm among them) and data centres (Micron21). ®

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.