Thursday, May 26, 2011

Lockheed Martin Confirms Tenacious Cyber Attacks, Links Seen to RSA SecureID Breach

Lockheed Martin confirmed a sophisticated cyber attack that against its remote access systems that began on May 21. The company said its information security team detected the attack almost immediately, and took aggressive actions to protect all systems and data. Lockheed Martin insists that its systems remain secure; no customer, program or employee personal data has been compromised. The company continues to work around the clock to restore employee access to the network, while maintaining the highest level of security.

Industry analysts believe the attack may be linked to the data breach reported by the RSA Security division of the EMC Corporation on March 17. RSA stated that its its own security systems were penetrated by an extremely sophisticated cyber attack, data was extracted, and this possibly compromised its two-factor, SecurID Authentication product.

In a research note at the time, NSS Labs said it believes the RSA attack had been "a strategic move to grab the virtual keys to RSA's customers – who are the most security conscious in the world. One or several RSA clients are likely the ultimate target of this attack. Military, financial, governmental, and other organizations with critical intellectual property, plans and finances are at risk… NSS Labs expects a string of breaches stemming from this event."

In an updated report, NSS Labs said this new attack is especially concerning because the Lockheed attacker will be authenticating as a trusted user. As such, existing security technologies, which look for "intrusions", will not be able to detect this kind of attack. The company predicts further trouble for companies using RSA's SecurID two-factor authentication.