The attack on Lockheed-Martin has been linked to the attack earlier this year on RSA Security. That attack compromised the encryption keys of RSA’s SecurID tokens, and fake authentication tokens were apparently used in the attack on the defense contractor.
You would think that attackers armed with the keys to the vault would be able to clean house and walk out with all kinds of top secret plans for next generation military aircraft and weapons systems, but Lockheed-Martin says no. It claims the attack was detected, identified, and thwarted before any data was compromised, and that its network is locked down and secure.
Then you have Sony. We don’t know much about the details of the Sony attacks, but I have not seen any speculation related to RSA SecurID tokens. The attacks against Sony have yielded sensitive information on 100 million customers or so, and it seems like every other day there is a breach of some new Sony network that continues to lead to a data breach.
Following news of the Lockheed-Martin attack, the United States government apparently offered its assistance to handle the matter. It seems, though, that Lockheed-Martin has things under control, and that perhaps the United States should see if it can stop the hemorrhaging at Sony.
Peter Schlampp, VP of Product Management for Solera Networks, commented, “Sony advised customers to be vigilant in keeping an eye on their credit card statements. If Sony had clear details of which customers had been affected by the attack, they would be able to work directly with them. Not knowing the details means that Sony now has to assume that all 77 million accounts were affected. In reality, it may have been fewer than a million, maybe only a few thousand. In fact, it could have been only 10.”
Schlampp added that without decent logging and network forensics, Sony may simply not know what was breached, or how, or when. Organizations need to proactively put network forensics tools in place. After a data breach, it’s too late.
He summed up with, “Every organization should be waking up to the fact that we are in a new threat environment, and the methods and technologies needed to secure our networks have changed.”