Ten years ago, the computer systems of the corporate security giant RSA were hacked. The intruders’ final target? The secret keys known as “seeds,” “a collection of numbers that represented a foundational layer of the security promises RSA made to its customers, including tens of millions of users in government and military agencies, defense contractors, banks, and countless corporations around the world.”
In a fascinating retake in the May issue of Wired, reporter Andy Greenberg explains that those seeds were kept on a single, well-protected server, which RSA called the “seed warehouse.”
As Wired reported, “They served as a crucial ingredient in one of RSA's core products: SecurID tokens—little fobs you carried in a pocket and pulled out to prove your identity by entering the six-digit codes that were constantly updated on the fob's screen. If someone could steal the seed values stored in that warehouse, they could potentially clone those SecurID tokens and silently break the two-factor authentication they offered, allowing hackers to instantly bypass that security system anywhere in the world, accessing anything from bank accounts to national security secrets.”
In 2011, when the hack happened, The New York Times asked, “How did a hacker manage to infiltrate one of the world’s top computer-security companies? And could the data that was stolen be used to impair its SecurID products, which are used by 40 million businesses that are trying to keep their own networks safe from intruders?”
The RSA breach redefined the cybersecurity landscape. It was both a wake-up call and a warning. If even a security company can’t keep its assets safe, what about the rest of us?
According to Wired, that hack had actually put a whole lot of other people and companies at risk too. “The theft of the company's seed values meant that a critical safeguard had been removed from thousands of its customers’ networks.”
Ten years have passed since the RSA hack in 2011. Many of the people involved signed Non-Disclosure Agreements (NDAs) at that time; those have now expired, so people can learn more about everything that happened. Like the recent SolarWinds hack, the RSA attack revealed the power of going after the “middle man.” From a hacker’s perspective, trusted middle men are a gold mine: if you can breach those firms, you have unlimited access, or a gateway, to thousands of other firms, most of whom are not paying much attention.
So what can your company do to better protect itself, its networks, and its assets? Below please find some resources to help support cyber resiliency:
US-CERT: US-CERT (Computer Emergency Response Team) is an organization within the Department of Homeland Security (DHS). Its intent was to protect the Internet infrastructure of the United States by coordinating defense against and responding to cyber-attacks. US-CERT resides within DHS in the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC). US-CERT acts as a single focal point for incidents and threats and collaborates with federal agencies, the private sector, the research community, and state and local governments. It also works with partners around the globe to exchange critical cybersecurity information, which it disseminates to the public.
HOW THEY HELP: On the DHS website, US-CERT provides Alerts. Alerts provide timely information about current security issues, vulnerabilities, and exploits. You can sign up to receive these technical alerts in your inbox. To receive other US-CERT products via email, visit their Mailing Lists and Feeds webpage. Probably the clearest explanation of what US-CERT is and does can be found on their Info Sheet.
NIST Cybersecurity Framework: The NIST Cybersecurity Framework (NIST CSF) provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks. NIST is a non-regulatory federal agency within the U.S. Department of Commerce. It looks to set standards for computer security policies, acceptable use policies, and standard security practices.
Cyber Essentials: CISA is called the nation’s “risk advisor” and has a number of resources including a guide for leaders of small businesses and leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
Resources for State, Local, Tribal, and Territorial (SLTT) Governments: CISA listed resources to assist state, local, tribal, and territorial governments with securing their organization. Includes Best Practices, Case Studies, an SLTT Toolkit, and more.
Stop, Think, Connect: The STOP.THINK.CONNECT.™ Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online.
The mission of the FBI’s Internet Crime Complaint Center (IC3) is to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness.
HOW THEY HELP: The FBI has set up three investigative departments to handle critical issues relating to Cybersecurity. These include:
Although a bit dated, this article by the UMSA (Upper Midwest Security Alliance) is probably one of the best overall descriptions of how the FBI responds to the above three cyber events. The article describes in some detail how the FBI tries to prevent each of these events, how it reacts to them, and what it recommends for dealing with each.
“Stay Safe Online”: NCSA aims to provide information and resources for individuals and organizations to be safer and more secure online.
FCC's Cyberplanner: Helps organizations create and save a custom cybersecurity plan quickly to address specific business needs and concerns.
Small Business Fact Sheet: This interactive, online fact sheet covers cybersecurity basics and best practices, including the NIST Framework and common security threats (e.g., phishing, ransomware, email spoofing, and tech support scams).
ACSC is the region's only non-profit, member-driven organization committed to strengthening member cybersecurity defenses and preparing the region's response to large scale cyber threats. ACSC brings together the private and public sectors to ensure its members and the region are national leaders in "Collaborative Defense."
CIS Top Controls: Security leaders use the Controls to quickly establish the protections providing the highest payoff in their organizations. They guide you through a series of 20 foundational and advanced cybersecurity actions, where the most common attacks can be eliminated.
CTA is a not-for-profit organization working to improve the cybersecurity of the global digital ecosystem by enabling near real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field. This approach brings together companies that typically compete with one another and enables them to work together for the greater good.
CSN is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime.
Siteline Security’s mission is to equip, empower, and support global nonprofits to navigate and embed cybersecurity into their organizations with confidence.
OWASP is a worldwide not-for-profit charitable organization focused on improving the security of software. OWASP’s mission is to make software security visible, so that individuals and organizations are able to make informed decisions. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. OWASP does not endorse or recommend commercial products or services.
HOW THEY HELP: OWASP helps develop tools like The OWASP Zed Attack Proxy (ZAP). It’s one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. CYRIN has a FREE interactive lab showing how to use OWASP-ZAP.
In a word, yes. We have some of the best content including skills development labs, individual or team exercises, and multiple cyber-attack scenarios. CYRIN’s online interactive virtual training platform is designed to improve the skills of IT, engineering and cybersecurity professionals and learners. Each learner or corporate trainee receives his/her own virtual instance of the CYRIN cyber range and completes “learn by doing” courses.
CYRIN, in a virtual environment, is as close to a real-world experience as you can get.
In addition, CYRIN offers two unique features: Performance Monitoring – which allows learners to see their progress and allows instructors to follow individual student progress or track the progress of a whole group – and Exercise Builder, a patented tool that allows you to build your own labs, modify existing labs, or port your content to CYRIN’s training platform.
This allows CYRIN to continually build upon and add to the current 50+ interactive labs, individual or team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial and enterprise networks. So we have the content, we can track the content, and, because of Exercise Builder, we always have more content in development for different pathways, scenarios and courses. Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!