Advanced Persistent Threats against RSA Tokens
It is beyond doubt that technological advancements continue to transform the world in different ways. However, this progress also exposes the world to a range of security threats and concerns. While advances in technology assure people that their data, systems and networks are secure, attackers are also advancing to keep pace with the trends. This complicates efforts to find a reliable solution to technological threats to internet and system security. Of great concern is the fact that attackers have managed to infiltrate systems which were initially thought to be secure. This shows that attackers are in the continuous business of countering every security system that experts develop. It is evident that attackers are investing expertise, time and resources to ensure that they mount successful attacks on their targets. This is evident from recent Advanced Persistent Threats (APTs) targeting governments and enterprises. These attacks largely aim at accessing government top secrets, product designs and intellectual property. During the RSA APT Summit, which brought together government officials from Congress, the FBI, NASA and leading multinationals, the attendees focused on threats, vulnerabilities and solutions to cyber crime. They recorded their findings and decisions in a security brief.
Advanced Threats are customized cyber attacks on an organization with the aim of monitoring operations, damaging the system, interfering with services, introducing false information, and stealing sensitive information (Hartman et al., 2012, p. ii). It is important to note that this definition is not sufficient, and the summit convener used it cautiously without providing a conclusive description of the attacks. In defence of this position, summit members noted, “Defining it could limit us and lead us to be blindsided. We need to constantly revisit the characteristics because they are always changing” (RSA, 2011, p. 3).
Today, experts grapple with the fact that it is almost impossible to resist cyber attacks because: “Cyber adversaries have the skills, resources, and motives to assail their high-value targets repeatedly, trying various techniques, until they succeed. They are compiling custom malware to evade signature-based detection tools, such as antivirus scanners. They are using social engineering techniques on unsuspecting employees to circumvent organizations’ perimeter defences. They are covering their tracks within systems and leveraging techniques they have perfected across multiple targets,” (Hartman et al., 2012, p. 1). Based on this, experts hold that it is almost impractical to keep attackers out of the system entirely. To deal with such threats, it is important to detect them early enough and neutralize them before they damage the system.
Notably, identifying attacks is difficult because perpetrators hide within normal system operations. However, the summit outlined several vulnerabilities which attackers exploit to infiltrate systems and wreak havoc. One of the leading vectors is social networks. Attackers can prepare a strike by compiling information about employees from social sites. Once they have this information, they employ existing social networking tools to execute the attacks. The summit further noted that, “Some of the main infection vectors the delegates cited were e-mail, Skype, and instant messages with malware payloads in the form of PDFs, compressed HTML, script files, executables and attachments,” (RSA, 2011, p. 4). In most cases, attackers used emails laced with malware to infiltrate more than 50 million personal computers in 2011.
In addition, attackers customize their data exfiltration, complicating detection even though email-borne attacks are common. Essentially, “Advanced threats often use sophisticated methods for compressing, encrypting, and transmitting data to other compromised organizations, leaving little evidence of the origin of the attack or the destination for stolen information,” (RSA, 2011, p. 4).
The summit also identified people as the second vulnerability which attackers exploit to infiltrate systems. These people are mainly users of an organization’s system who make wrong choices: after being duped they install malware or follow malicious links, which open the system and leave the user exposed to attackers. Attackers are becoming more cunning in bypassing the systems put in place to neutralize email attacks, scan networks, block malicious links and detect viruses. In particular, advanced attackers “are now creating highly credible scenarios in which they convince users to click on the dialog boxes warning of fake software updates, retrieve content from quarantined areas and act (unknowingly) on behalf of the attacker” (RSA, 2011, p. 4).
Attackers exploit the fact that most system users perceive their workstations as extensions of themselves. They turn this to their advantage by manipulating the very people who are supposed to defend against attacks into carrying them out. While making submissions on people as one of the vulnerabilities, a summit member noted, “The perimeter is not a firewall; it is our users. They do not treat their computer as an adversary; they treat it as a tool—an extension of themselves—so they do not question what it tells them” (RSA, 2011, p. 5).
Even though an organization can have a range of measures to prevent system infiltration, attackers can still use an array of methods to attack a system viciously. A good example is the man-in-the-middle attack. It succeeds because the attacker “is able to fool a user into establishing a communication link with a server or service through a rogue entity” (Steward, 2007, p. 4). In essence, attackers use a rogue entity to intercept server-user communication without the user’s knowledge, and the attacker also controls that host. The attack therefore succeeds “by somehow fooling the user, their computer, or some part of the user’s network into re-directing legitimate traffic to the illegitimate rogue system” (Steward, 2007, p. 4).
Another method of attacking unsuspecting system users is phishing, which attackers have used for years. In 2001, attackers on RSA used an email attachment containing a spreadsheet that exploited a then zero-day vulnerability in Adobe Flash, giving them easy access to RSA’s systems. “The attackers were able to gain access to RSA systems that held information related to their two-factor authentication tokens, known as SecurID. This information potentially included “seed” values, which RSA uses with their tokens to generate one-time passwords that change every 60 seconds. If the source code itself were stolen, attackers could look for vulnerabilities in the SecurID implementation or even the encryption itself” (Miller, 2012, p.6).
From the RSA attack, it is clear that the main aim of an APT is to steal sensitive information which the attackers can use against their prime targets. One needs gates and controls over data to deal with such attacks. It is important to cover the full range of states, including data in-use, data at-access, data at-rest, and data in-motion. This makes it impossible for attackers to take the data away. Organizations can also put the right policies in place to prevent unauthorised access and theft by alerting the administrator (Miller, 2012, p.11).
It is also possible to tame APTs using internal infrastructure security. This protects data from external attacks, which is what APTs are. Therefore, “In addition to appropriate network architecture and segmentation, internal infrastructure security includes properly configuring and securing individual servers and devices, and their environments” (Miller, 2012, p.11).
In most cases, attackers use vulnerabilities within a security system to mount successful attacks. Importantly, they also use functions, commands and utilities in the operating system to widen their scope of control, collect information and monitor systems. To neutralize this, one can turn the attackers’ basic assumptions against them by introducing other elements into the system without their knowledge. “For example, files and commands that appear not to be protected or monitored by system logs can be both protected and monitored by an external tool” (Miller, 2012, p.11). In this case, the attackers’ assumed permissions do not match the commands which the system will actually execute. This allows the administrator to detect the malicious infiltration and stop the attack before any damage is done.
Since complete control of APTs is almost impossible, the best approach to keeping systems secure is early detection. Moreover, man-in-the-middle attacks can be controlled by applying a range of technologies. A good example is Privileged Identity Management tools, which keep watch over the administrator and other privileged accounts in the system. In some cases, they implement the least privilege principle. This principle gives users the privileges needed to perform their duties without exceeding certain limits. When users need to perform tasks with higher privileges, “they can be granted elevated privileges to enable them to accomplish only the very specific task” (Miller, 2012, p. 8).
Early interception and the use of detection software are also important. Antivirus software with internet and malware protection should be used to counter email phishing: malware attached to emails is detected and neutralized with ease before it becomes a threat. In addition, intrusion detection software is necessary for detecting and reporting unauthorised access to information in server-host traffic.
The recent spate of APTs remains a threat to organizations, as network security and network systems remain vulnerable. While complete mitigation is impossible, it is vital to have measures in place to prevent intrusion and to allow early detection and neutralization before damage occurs. Notably, people working in organizations are at the highest risk of being attacked. Thus, it is the role of the organization to create awareness of system security. System users should also be cautious when using the internet and social media to lower their vulnerability.
Hartman, B. et al. (2012). RSA Security Brief. RSA.
Miller, R. (2011). Advanced Persistent Threats: Defending from the Inside Out. CA Technologies.
RSA. (2011). Advanced Threats: The New World Order. RSA.
Steward, J. M. (2007). Ten Ways Hackers Breach Security. Global Knowledge.