The latest hack attacks on Sony (again!?) and most recently last week with Lockheed in the US demonstrates the need for Security Professionals and Management to understand that all networks are essentially vulnerable to these new “go low and slow” Advanced Persistent Threats which are targetting their networks.
The types of attacks that have succeeded in penetrating networks such as RSA, Sony and Lockheed are not exactly new, however they are much more sophisticated in the combination of specifically created zero days exploits, social engineering and phishing metehods. These attacks are directed at one client only and not to thousands of networks with the same attack methodology.
To explain this further I have written an article which was sourced from various whitepapers including a very high detailed report from RSA themselves which was released after the breach in March 2011. I am waiting for confirmation of publication. Once I receive this I will be publishing excerpts of this article online here.