14 DAY TRIAL // RSA wasn't the only victim of the cyberattackers that hit the firm earlier this year. It turns out that the same tools and internet infrastructure was utilized to attack a few hundred organizations.
Brian Krebs reveals that the hits which originated mostly from C&Cs located in China, made a large number of well-known victims, 20% of the targeted companies being found on the Fortune 100 list.
Recent information shows that the attacks started somewhere in November 2010 and that RSA was only the cherry on top of the cake.
The list of organizations seem to contain ISPs and even security providers but that doesn't mean they were completely shut down. ISPs may have had a few account holders that were targeted and security vendors might have intentionally infected some of their machines for test purposes.
Also, it's not clear how many systems or networks were actually targeted, so if Google is on the list, it doesn't mean that it suffered as badly as RSA.
However, it makes us wonder. If large organizations were so easily compromised, it means that the smaller businesses have no chance in facing such future attacks.
A few of the more interesting names on the list include the Alabama Supercomputer Network, Cisco Systems, eBay, the European Space Agency, Facebook, Google, the General Services Administration, the Inter-American Development Bank, IBM, Intel Corp., the Internal Revenue Service (IRS), Motorola Inc., Novell, Perot Systems, Research in Motion (RIM) Ltd., Seagate Technology, Thomson Financial, Verisign and VMWare.
As you can see, some pretty big names are on the list provided by the security investigator, which leaves us wondering how secure a network can really be.
On the good side of things, the scale of the attack made state officials and companies realize the true importance of a proper protection system. New regulations and policies are being prepared by lawmakers to prevent such future incidents or at least to somehow mitigate the effects.