RSA, Sony Breach News, Wireless Outages Lead Week's Security News
The week was marked by several service outages. BlackBerry users in Europe, Asia and North America were unable to check their messages over the week as Research In Motion worked to bring all its servers online.
RIM claimed it was aware of the problem and was working to resolve it, but didn't explain what was going on, leading many to wonder if the company was under attack. RIM explained later it was a problem with its network infrastructure, but it came under fire for not communicating the problems better.
No one thought Apple was under attack, but it was also plagued with unavailable servers and sluggish traffic. The company launched iCloud last week and released massive updates to Mac OS X, iOS and iTunes in order to allow users to upgrade their devices to access the new service.
The week began with RSA Security executives disclosing more details about the attack that compromised the EMC subsidiary's networks earlier this year and resulted in thieves stealing information related to the SecurID two-factor authentication technology. RSA said the attacks had been traced back to two separate groups who had not been known to work together in the past and that the evidence points strongly at some kind of nation-state involvement. RSA did not mention the suspect country by name.
Speaking of companies who had been breached earlier in the year, Sony was back in the news last week. This time, attackers had obtained a list of email addresses and passwords from a different source and had launched a mass log-in attack to try to access Sony services, including the PlayStation Network and Sony Online Entertainment.
Sony locked out approximately 93,000 users because the attackers succeeded in logging in to those accounts, but the company pointed out that the attack succeeded on only a small fraction of users. Sony reminded users to not reuse passwords across sites and encouraged all users to select strong passwords for their accounts.
As Congress continues to debate and negotiate the details of what needs to go in the cyber-security bill, the Securities and Exchange Commission took action, issuing guidance recommending that public companies disclose all cyber-risks and incidents that may have a material impact on the organization's operations or financial results. The guidance carries no enforcement power, so the SEC cannot compel compliance, but it is still a first step because it will encourage organizations to reveal information that investors should know about.
On the same day that Microsoft issued a sizable Patch Tuesday release for October, it released its latest Security Intelligence Report. SIR volume 11 identified some of the ways Web services and organizations are being compromised, and found that less than 1 percent were the result of a zero-day vulnerability.
Even so, Microsoft Trustworthy Computing researchers did not dismiss the seriousness of zero-days. The goal of the study was to point out that IT departments should not ignore zero-days, but should also not worry about them to the extent of skipping all the other security measures that would detect and block the 99 percent of more common attacks.
The United States Air Force finally issued a statement after the recent news about a mysterious keylogger that had allegedly infected the systems that control its fleet of unmanned surveillance and attack aircraft. It turned out it wasn't a keylogger, but "credential stealing" malware. It's a little unclear exactly what that means, since keyloggers are often used to steal credentials.
It's possible that the malware intercepts credentials saved in a file or a cookie instead of actually intercepting the keystrokes, Belkin's Cliff Unger told eWEEK. Either way, the Air Force tried to downplay the whole infection, calling it a "nuisance" rather than a serious threat and saying it infected an isolated system and had no access to confidential data. Unger noted that it was still a matter of concern that a siloed system got infected in the first place.