Lockheed Martin investigates possible link between cyber attack and RSA data breach

US-based global defence firm Lockheed Martin says it has beefed up security around remote access to its IT network after a “significant and tenacious attack” on 21 May, which could be linked to an earlier breach at security firm RSA.

Lockheed maintains that its systems remain secure and that no customer, project or employee personal data was compromised in the attack, reported a week after the event.

“The company’s information security team detected the attack almost immediately, and took aggressive actions to protect all systems and data,” Lockheed said in a statement.

Lockheed and RSA Security, which supplies access tokens to millions of corporate users, say they are still trying to determine whether the attack used data that hackers stole from RSA in March or exploited another weakness, according to the New York Times.

Shortly after RSA announced the breach, Lockheed said it had added an extra password to the process employees used to connect to its system from remote locations.

At the time of the RSA data breach, Art Coviello, executive chairman of RSA, said the information extracted did not enable a successful direct attack, but he did not exclude the possibility that the information could be used as part of a broader attack.

Investigating the attack

Officials at Lockheed and RSA Security, a division of EMC that provides the SecurID electronic access tokens, say they are working with federal officials to find out how the attack was carried out and who was behind it.

EMC said in a statement at the weekend that it was “premature to speculate” on the cause of the Lockheed attack.

Ross Brewer, vice-president and managing director of international markets at log management firm LogRhythm, says that although Lockheed Martin was quick to spot and disclose this breach, and has offered reassurance that none of its critical systems were compromised, it now faces the substantial task of tracing the source of the attack.

“When you consider the monetary and political value of the information held on its IT systems, there will be no shortage of candidates,” he said.

According to Brewer, critical clues to how the attack was launched and spread will be held in the log data generated by each and every device and application on Lockheed Martin’s network.

“By analysing these logs, the company should be able to spot patterns of suspicious behaviour and work backwards to pinpoint the cause,” he said.