Dyson College of Arts and Sciences
Issue link: http://dysoncollege.uberflip.com/i/633753
The attackers used nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks and obscure their activity, according to Alperovitch.

Relevant CSC Control (5): Malware Defense

Company: RSA Security [18], Attacked: April 2011

Most software-oriented attacks against computers have become less effective: as companies develop ever stronger defenses against software-based attacks, malware has become less able to 'trick' firewalls and intrusion detection software into treating it as benign or otherwise harmless. This caused attackers to turn to another pathway to gain access to computers: social engineering (in which people are tricked into altering their behavior by a would-be attacker) and phishing (using email attachments in the hope that end users will click on them, unleashing malware onto their computers). When attackers send email after email with catchy phrases to trick users into clicking, it is usually only a matter of time before many end users succumb and click on the malware. More advanced (or more security-minded) end users think twice before clicking on anything they are not expecting to arrive in their mailbox, so attackers need more inventive ways to get them to click on nefarious email. To accomplish this objective, clever attackers often use social media to conduct targeted 'spear phishing' against particular groups of users, developing ever more sinister methods to gain end-user compliance.

Such was the case at computer security firm RSA, which produces encryption software designed to keep data confidential. In this attack scenario, an end user at RSA was targeted via email and clicked on an email attachment entitled "2011 Recruitment Plan.xls".
Doing so unleashed a stealthy program containing malware that exploited an Adobe Flash vulnerability, causing the executed malware to run a remote access Trojan. (A Trojan contains malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data and possible system harm; Trojan software usually acts as a backdoor to a computer system, causing data leakage without the system operator being aware that they, or their data, are being stolen.) The malware was not detected by the anti-malware software running on the end user's workstation, and it subsequently led to a breach of encryption keys used by RSA as part of its two-factor authentication scheme, rendering the product useless until it was redesigned by RSA engineers.

Titan Rain

Back in 2003, when Titan Rain first hit the U.S., targeting Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, NASA and other high-technology government-sponsored firms, the dawn of the Advanced Persistent Threat (APT) came about, and it has not stopped its constant probing and persistent attempts to breach the networks of America's most sensitive Internet web sites. Not only have the attacks continued unabated in their daily bombardment of key U.S. web sites, but so too have their overall levels of sophistication and complexity.
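The RSA case above turned on a spreadsheet attachment that carried a Flash exploit past workstation anti-malware. As an added example (not code from the original article), the following Python shows a structural check a mail gateway could apply regardless of signatures: flag legacy Office (OLE2) attachments whose bytes contain a plausible embedded Flash (SWF) header. It assumes the Flash content is embedded in the attachment itself; the function names, version bounds and sample bytes are constructed for illustration.

```python
import struct
import zlib

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc/.ppt container
SWF_SIGS = (b"FWS", b"CWS")                     # plain / zlib-compressed Flash

def plausible_swf(data, pos):
    """Validate the 8-byte SWF header at pos: signature, version, declared length."""
    header = data[pos:pos + 8]
    if len(header) < 8:
        return None
    version, length = struct.unpack("<BI", header[3:])
    if not 1 <= version <= 64 or length < 8:      # heuristic bounds (assumption)
        return None
    if header[:3] == b"FWS":
        if length > len(data):                    # plain SWF cannot outgrow its carrier
            return None
    else:
        z = data[pos + 8:pos + 10]                # CWS body must open with a zlib header
        if len(z) < 2 or (z[0] & 0x0F) != 8 or ((z[0] << 8) | z[1]) % 31:
            return None
    return (pos, header[:3].decode(), version, length)

def find_embedded_swf(data):
    """Return sorted (offset, signature, version, declared_length) hits."""
    hits = []
    for sig in SWF_SIGS:
        pos = data.find(sig)
        while pos != -1:
            hit = plausible_swf(data, pos)
            if hit:
                hits.append(hit)
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def triage_attachment(name, data):
    """Quarantine legacy Office files that carry an embedded Flash object."""
    swf = find_embedded_swf(data)
    ole = data.startswith(OLE2_MAGIC)
    return {"name": name, "ole2": ole, "swf": swf,
            "verdict": "quarantine" if ole and swf else "pass"}

# Constructed samples (not real malware): OLE2 magic, filler, then a payload.
_swf = b"CWS" + bytes([10]) + struct.pack("<I", 4096) + zlib.compress(b"\x00" * 4088)
SUSPECT = OLE2_MAGIC + b"\x00" * 504 + b"Sheet1" + _swf
BENIGN = OLE2_MAGIC + b"\x00" * 504 + b"CWS quarterly totals; FWS report Q1 2011"

if __name__ == "__main__":
    for name, blob in (("suspect.xls", SUSPECT), ("benign.xls", BENIGN)):
        print(triage_attachment(name, blob))
```

The benign sample contains the letters "CWS" and "FWS" as cell text, which the header validation rejects, so plain string matching alone would have produced a false positive here.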