[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Enemy At The Loading Dock: Defending Your Enterprise From Threats In The Supply Chain
By Robert Lemos
July 15, 2011
In mid-May, Lockheed Martin notified law enforcement and government
authorities that one of its systems had been breached. The defense
contractor later confirmed that attackers used information stolen from
RSA, Lockheed's security technology provider, to gain access to
RSA wasn't the only third party involved. The attackers first
compromised the systems of an unnamed contractor with which Lockheed
works and that had access to Lockheed systems, according to The New York
Times. Then they used information obtained from the RSA breach--data on
RSA's SecurID one-time password technology--to enter Lockheed's network
via the compromised contractor's systems.
Like Lockheed, which declined to comment on the RSA incident, many
businesses are tying themselves closer together with contractors,
partners, cloud service providers, and other third parties, giving
attackers new entry points to those businesses' networks and data.
Attackers aren't just on the prowl for vulnerable servers; they're also
hunting for vulnerable contractors and suppliers. And their victims
often know little about the security arrangements of those suppliers.
Attend Black Hat USA 2011, hosted at Caesars Palace in
Las Vegas, Nevada July 30-Aug 4, offering over 60 training
sessions and 9 tracks of Briefings from security industry elite.
To sign up visit: http://www.blackhat.com