RSA was hacked last week and insofar they have released sketchy information on what was compromised and how their corporate customers can truly protect themselves. Online clients of corporate Internet application such as Internet Banking and Trading applications provide the greatest financial gain for the attackers.
Since it has been a week, all corporate customers should be already prepared for the worst case scenario and in progress with their communication plans, replacement program for the tokens, and reset of user passwords. Login and user activity logs for the applications should be also monitored to check that online clients are not already victims of man-in-the-middle attacks, where userids and passwords can be harvested through fake intermidiary 2FA login page. MITM attacks can be achieved through various methods such as spear phishing or arp poisoning.
The underground hacker scene has been quiet, with nary a whisper on the RSA attacks, which give rise to suspicion that this is a pro job with very targeted objective and the stolen RSA materials are just a mean to an end. Let's hope that you are not their target.
No comments:
Post a Comment