Advanced Persistent Threats Against RSA Tokens

Date Submitted: 04/23/2013 11:14 AM

Case Study 1: Advanced Persistent Threats Against RSA Tokens

CIS 502 Theories of Security Management

Introduction

The term “Advanced Persistent Threat” (APT) was coined by the US Air Force in 2006 to describe difficult cyber attacks against specific targets over a long period of time (ISACA, 2012). The authors of the RSA Security Brief (2011) define advanced persistent threats (APTs) as “one of the most menacing and fast-growing information security threats facing organizations today, particularly as companies move into the cloud.” APTs are difficult to detect because they remain hidden in systems over a period of time while gathering information (Jackson, 2011). An APT attack has three main phases: social engineering, lateral movement inside the network, and extraction of whatever information the attacker can obtain (Rivner, 2011). The illustration below displays an APT attack sequence (Trend Micro, 2013).

RSA, the Security Division of EMC software, was breached by an advanced persistent threat (APT), resulting in the compromise and disclosure of information related to RSA’s SecurID two-factor authentication products (Jarmoc, 2011). Executive chairman Art Coviello confirmed the attack, stating, “Our investigation has led us to believe that the attack is in the category of an advanced persistent threat” (Jackson, 2011).

RSA provides Secure Data, Compliance, SIM, SEM, SIEM, PCI, Consumer Identity, Two-Factor Authentication, Custom Applications, Consulting, Assessment, and other security solutions and services to over 90% of the Fortune 500 (EMC, 2012). The RSA SecurID token is a two-factor authentication method used by government agencies, contractors, and banks to secure remote access to sensitive networks (Mills, 2011). The user has to use a personal identification number and have possession of a token that generates a new one-time password every 60 seconds to prove the identity of the user accessing a...
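
The PIN-plus-token check described above, sketched as an added example that is not part of the original essay and is not RSA's code. SecurID's algorithm is proprietary, so the open RFC 6238 TOTP construction stands in for it with the essay's 60-second interval; the `Verifier` class, the six-digit code length, the one-step drift window, and all sample values are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each code stays valid (the interval the essay gives)
DIGITS = 6   # assumption: length of the displayed code


def token_code(seed: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), standing in for SecurID's proprietary algorithm."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def pin_hash(pin: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class Verifier:
    """Hypothetical server-side record for one user: seed, salted PIN hash, replay state."""

    def __init__(self, seed: bytes, salt: bytes, pin: str):
        self.seed, self.salt = seed, salt
        self.pin_digest = pin_hash(pin, salt)
        self.last_step = -1                      # newest time step already accepted

    def verify(self, pin: str, code: str, now: int, drift: int = 1) -> bool:
        pin_ok = hmac.compare_digest(pin_hash(pin, self.salt), self.pin_digest)
        current, matched = now // STEP, None
        # Accept the current step plus/minus `drift` steps to absorb clock skew.
        for step in range(max(0, current - drift), current + drift + 1):
            expected = token_code(self.seed, step * STEP).encode()
            if hmac.compare_digest(expected, code.encode()):
                matched = step
        # Both factors must pass, and a step may be used only once (replay guard).
        if not pin_ok or matched is None or matched <= self.last_step:
            return False
        self.last_step = matched
        return True
```

Because each code is a function of only the seed and the clock, the token factor is exactly as strong as the secrecy of the stored seed; the PIN is the only part of the login that the seed does not determine.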