Two hacks have gained the attention of IT professionals worldwide in the last few weeks: the hack of security giant RSA and the LizaMoon SQL injection hack. Behind these attacks, the same three areas of weakness were exploited: external controls on outward-facing hosts, internal controls in place on the network, and human controls.
The LizaMoon SQL injection is the more basic hack: attackers exploited a weakness in web servers running outdated and unpatched versions of Microsoft SQL Server. After the automated, unauthorized injection of code, the victimized web addresses auto-run an installation of a program on visitors’ computers. While this is more of an annoyance to the end user than anything else, these vulnerabilities can also be exploited in a more malicious way. The fact that this hack has propagated itself automatically and so rapidly is a sign that businesses should consider making the investment to upgrade the applications running between their networks and the Internet.
The RSA hack required more patience and leveraged both social engineering (human-based) and internal network exploitation. According to an RSA blog explaining the “anatomy” of the attack, the attackers crafted an email and tricked a user into downloading malicious software onto his computer that revealed certain information about permissions and the network to the attackers – the social engineering piece. Using technical expertise to exploit a vulnerability within Adobe Acrobat – the internal network piece – they were able to elevate their permissions to a level that had access to the methodology behind RSA’s technology for its SecurID authentication products.
The fact that large hacks are continuing to take place despite investment in a multitude of technical controls illustrates the importance of continuous testing of the controls around a business’s network. Penetration testing from the outside, internal assessment of controls in place, and social engineering testing are all elements that help an organization maintain a strong security posture. For more information about how GraVoc Associates, Inc. of Peabody, MA can help your business through this kind of testing, please visit the Information Security page at https://www.gravoc.com/information_security.php.