Advanced Persistent Threats Against RSA Tokens - Case Study Example

? Full Paper Introduction After September terrorist attacks, developed countries have significantly changed the way of countering vulnerabilities from terrorism. Enormous amount of resources were utilized for mobilizing them on a very short time period. These mobilized resources were aligned to counter apparent cyber threats from terrorist attacks. Likewise, in the entire hoax, there was a requirement of evaluating homeland security that also pertains to Information technology infrastructure. The Information technology infrastructure was not the only consideration, as these attacks affect vulnerabilities pertaining to federal information systems and any organization that acquires information systems. However, there were several laws that were passed in the congress after September 11 terrorist attacks. In the process, a series of homeland security presidential directives were issued for sustaining domestic security. However, on the other hand, despite an economic turmoil from September 11 attacks, the aviation industry continues to grow at a rapid pace and is considered as a fundamental transformation. Moreover, there is also a significant change for managing air traffic via net-centric approach. The acquisition of this change will replace the traditional approach for controlling air traffic that is constructed on Information technology solutions. By focusing on security, there is a significant increase in utilizing computerized systems onboard of an air carrier. Likewise, these systems facilitate high airborne and internally located system connectivity, operational and maintenance requirements. Moreover, the net-centric ATM connectivity raises concerns for cyber security threats and vulnerabilities. Propagation threats are critical because it is capable of rapidly broadcasting traffic on the Internet along with bypassing intrusion detection systems. Likewise, for augmenting the primary phase of work propagation, it uses a ‘hit list’ comprising of overflowed users i.e. users consuming heavy bandwidth. By identifying users, worm spreads itself at a rapid pace when compared to traditional spreading worms. Moreover, this type of attack saves a considerable amount of scanning time by only attacking a visible target. In the context of any cyber threat to an airport, the airport cannot be the primary target, as the Spanair flight JK5022 crash was successful by one of the contributions from a Malware. Vulnerabilities Existed in the System / Attack Methods Computer network intrusions are becoming very sophisticated and advanced and they have enforced a challenge for modern computer network based organizations. Likewise, a new class of challengers called now as ‘Advanced Persistent Threats’ (APT) demonstrates a well-planned and sponsored, highly skilled hackers targeting highly classified data for gaining competitive edge specifically in corporate businesses, law firms, military networks, national or international politics (Cole, 2012). Likewise, these highly skilled cyber criminals utilize sophisticated tools and methods that are constructed to disrupt computer network defense semantics without being detected. As per Mr. Mike Cloppert, is a Co-Chair of the cyber threat intelligent summit says that the cyber threat intelligence can facilitate organizations to maintain an information classification and protection mechanism based on the priorities of these cyber criminals. As a result, the likelihood of success for these hackers will become low. Moreover, organizations can than plan accordingly for the targeted information and can counter these complex advanced persistent threats. Information security management team requires authentic and on time information for constantly monitoring new and potential threats and techniques. Likewise, exploiting the received information will improve a resilient defense posture of an organization. The number of RSA tokens implemented up till now exceeds 40 million and another 250 million are mobile software, as that leads the market for enabling two factor authentications (Dumas, 2012). Likewise, in two factor-authentications, password is generated that grants access to users on the network. The RSA token are common in financial institutions and government agencies for processing transactions. Three Methods to Protect against APT The Chief Security Officer for a corporate organization will adopt a common defense strategy that will lead to preparation of business and mitigating risks, as per IT security authorities. However, some of the APT for example Stuxnet integrates a portfolio of penetration methods and techniques. These combined penetration methods can be countered individually and can be easily defended. By practicing the baselines effectively will enable baseline security that will minimize the likelihood of hackers or cyber criminals managing a vulnerability management mechanism, security patch management for keeping security patches up to data and continuous monitoring of the IT security architecture for the organization’s infrastructure. Likewise, adopting best practices will facilitate organizations to perceive APT’s to some extent and other attempts such as hacking or human threats intentional/ un-intentional can be detected and prevented. Moreover, for protection against APT’s, a in depth defense mechanism along with advanced detection techniques, a resilient APT incident response planning and recovery planning along with security awareness session is essential. These practices will prepare organization to counter these advanced threats. Adopting a standard and certifying such as ISO27001 certification will also ensure protecting the Confidentiality Integrity and Availability of data within the organization. There are certain requirements to fulfill before achieving the certification such as establishing and maintaining an asset register, establishing and maintaining risk management plan, establishing and maintaining statement of applicability, establishing and maintaining configuration and record management, establishing and maintaining Business Continuity Plan etc. furthermore, effective policies and procedures along with guidelines must be in place in accordance to the ISO27001 standard. For maintaining effectiveness, security awareness sessions and surveillance internal audits are conducted to measure the compliance for each business functions that is available in the ISO27001 scope (Calder, 2005). Types of Technologies would Help Alleviate the Problems It is very important for organizations to review the assets marked as critical in the risk register. The executive and senior management along with the corporate communication function need communication for ensuring the PR messages are submitted for lowering the damage to the brand. Everyone from top to bottom, designation wise, must be trained and aware of the latest security trends in order to report incident within the organization. Likewise, everyone should be aware of security risks associated with any incident or potential attacks and their consequences. As mentioned earlier, if the organization certifies to one of the information security standards such as ISO27001, policies, procedures and adequate controls will be implemented. Advanced Persistent Threats have already exploited vulnerabilities in corporate organizations such as RSA, Iran’s nuclear reactors, Google incorporated and Sony Corporation as well. It is obvious that no one is safe from these intelligent and customized attacks tailored only for disrupting businesses and makes them suffer. These threats can be countered individually by making an intelligent defense mechanism. Three Techniques for Protection against APT As stated by the IT security specialist, the three methods are suggested in order to defend (Advanced Persistent Threat) APT risk in large organizations. In fact, simple security techniques cannot provide required protection for large organizations for APT as the threats are getting stronger. The advanced threats are the combination of high infiltration procedures. The main objective of most APTs is to obtain zero-day vulnerabilities for instance, the APTs like Stunxnet. However, these threats are detectable if considered independently. In addition, the techniques that are used by many advanced threats are well known and can be defend easily. In order to reduce the risk of possible threats, the organizations along with IT security providers must maintain proper level of security, updating security patches and frequent testing of security bearings. This will help an organization to identify the number of APTs, system hacking or accidental security breaches. Moreover, organizations must have an in-depth defense analysis for possible threats, on time risk identification capabilities, incident response map regarding APT, security training sessions and an incident recover map. This will help the organization to deal with the threats and to respond rapidly over the ongoing problem in order to save the asset from possible security threat. In addition, the organizations have to conduct re-evaluation procedures to reduce future security breaches. Furthermore, business procedures are made to reduce future risk. This can be implemented by correct allocation of finances and resources for the defense of expensive assets present in the organization. The security breach in RSA was accomplished by obtaining SecurID through phishing emails. The RSA has revealed that the security lapse is accomplished via formerly develop unpatched Adobe Flash hole. The emails were sent to the lower grade officers with the subtitle named “2011 Recruitment Plan”. The Elinor Mills, head of new technologies related to consumer identity protection at RSA wrote in his blog that the hackers sent these phishing emails last mint within the period of two days. These phishing emails contain Excel file attachments that states that the hacker has implemented a customized remote administration tool that is called as Poison Ivy Remote Administration Tool (Varsalone & McFadden, 2011). Likewise, this tool grants external remote administration request for accessing the system. Moreover, after gaining access, the hacker may execute many commands on the hacked system. This is a more common attack that is difficult to detect. The attack on RSA is known as APT i.e. Advance Persistent Threat. In addition, these types of threats mainly focus on the source code and other useful data to collapse organizations valuable network operations and IT infrastructure. These kinds of attackers gather information for several months before final attack. However, these times the attack was identified as well as defends by the RSA and their team. The head of new technologies and consumer identity protection says, “Since RSA detected this attack in progress, it is likely the attacker had to move very quickly to accomplish anything in this phase.” These threats are sent through emails or other social networks. The attackers use key loggers, snooping techniques to target specified employees. Furthermore, the attackers are using an unpatched hole through which they enter into company’s computer as stated by Google and several other organizations. These attackers were identified in China and used internet explorer to steal organizations valuable assets. References Cole, E. (2012). Advanced persistent threat : Understanding the danger and how to protect your organization. Burlington: Elsevier Science. Calder, A. (2005). The case for ISO 27001 IT Governance Ltd. Dumas, B. M. (2012). Information technology and society Taylor & Francis. Varsalone, J., & McFadden, M. (2011). Defense against the black arts: How hackers do what they do and how to protect against it Taylor & Francis. Read More