[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Enemy At The Loading Dock: Defending Your Enterprise From Threats In The Supply Chain


By Robert Lemos
Contributing Writer
Dark Reading
July 15, 2011

In mid-May, Lockheed Martin notified law enforcement and government authorities that one of its systems had been breached. The defense contractor later confirmed that attackers used information stolen from RSA, Lockheed's security technology provider, to gain access to Lockheed's system.

RSA wasn't the only third party involved. The attackers first compromised the systems of an unnamed contractor with which Lockheed works and that had access to Lockheed systems, according to The New York Times. Then they used information obtained from the RSA breach--data on RSA's SecurID one-time password technology--to enter Lockheed's network via the compromised contractor's systems.

Like Lockheed, which declined to comment on the RSA incident, many businesses are tying themselves closer together with contractors, partners, cloud service providers, and other third parties, giving attackers new entry points to those businesses' networks and data. Attackers aren't just on the prowl for vulnerable servers; they're also hunting for vulnerable contractors and suppliers. And their victims often know little about the security arrangements of those suppliers.


Attend Black Hat USA 2011, hosted at Caesars Palace in
Las Vegas, Nevada July 30-Aug 4, offering over 60 training
sessions and 9 tracks of Briefings from security industry elite.
To sign up visit: http://www.blackhat.com