Krebs nabs 'RSA attack' list

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2011/10/25/rsa_attak_list_leaked/

By Richard Chirgwin
The Register
25th October 2011

When RSA’s network security was breached earlier this year, the result 
wasn’t only the replacement of its SecurID tokens all over the world.

At the time, specialists believed that similar techniques could have 
been deployed against other victims who mostly didn’t go public. Only a 
handful of stories confirmed the use of information gained in the “RSA 
hack” to other targets – such as Lockheed-Martin and L-3 Communications.

Now, Krebs On Security has published a list of networks that carried 
attack traffic of some kind, either because hosts on the networks were 
compromised, because malicious traffic traversed the networks from other 
sources, or because researchers were building infected machines to 
observe their phone-home behaviour.

Most of the command servers were in China, he writes, with a handful in 
South Korea, the USA, Brazil, India, Italy, Pakistan and the UK.

As Krebs notes publishing the list, it has to be interpreted carefully. 
It would, for example, be unfair to assume that Trend Micro or Cisco’s 
IronPort business were compromised when they were more likely to be 
researching the attacks. Even so, his report states that around 20 
percent of America’s Fortune 500 companies are on the list (keeping in 
mind, however, that some of those are the likes of Cisco, or telcos 
whose networks weren’t compromised but whose customers were).

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn