[ISN] Enemy At The Loading Dock: Defending Your Enterprise From Threats In The Supply Chain

From: InfoSec News <alerts_at_private>
Date: Mon, 18 Jul 2011 00:36:04 -0700 (MST)

By Robert Lemos
Contributing Writer
Dark Reading
July 15, 2011

In mid-May, Lockheed Martin notified law enforcement and government 
authorities that one of its systems had been breached. The defense 
contractor later confirmed that attackers used information stolen from 
RSA, Lockheed's security technology provider, to gain access to 
Lockheed's system.

RSA wasn't the only third party involved. The attackers first 
compromised the systems of an unnamed contractor with which Lockheed 
works and that had access to Lockheed systems, according to The New York 
Times. Then they used information obtained from the RSA breach--data on 
RSA's SecurID one-time password technology--to enter Lockheed's network 
via the compromised contractor's systems.

Like Lockheed, which declined to comment on the RSA incident, many 
businesses are tying themselves closer together with contractors, 
partners, cloud service providers, and other third parties, giving 
attackers new entry points to those businesses' networks and data. 
Attackers aren't just on the prowl for vulnerable servers; they're also 
hunting for vulnerable contractors and suppliers. And their victims 
often know little about the security arrangements of those suppliers.


Attend Black Hat USA 2011, hosted at Caesars Palace in
Las Vegas, Nevada July 30-Aug 4, offering over 60 training
sessions and 9 tracks of Briefings from security industry elite.
To sign up visit: http://www.blackhat.com
Received on Mon Jul 18 2011 - 00:36:04 PDT

This archive was generated by hypermail 2.2.0 : Mon Jul 18 2011 - 00:37:51 PDT