    RSA’s SecurID Breach Started with Phishing Email

    Written by

    Fahmida Y. Rashid
    Published April 4, 2011

      The sophisticated attack that breached RSA’s defenses and allowed attackers to steal SecurID data appears to have begun as a phishing attack, according to several security analysts briefed by the company. RSA has faced some criticism about its internal security practices.

      During a private call with security analysts, the executive chairman of RSA Security, Art Coviello, revealed some details of how the March 17 security breach happened. During the April 1 call, Coviello also discussed how RSA stopped the incident.

      An RSA spokesperson confirmed there had been a call with Coviello and some analysts, but declined to comment on the content of the call.

      The attack started with phishing emails sent to small groups of low-profile RSA users that ended up in the users’ email junk folders, according to Avivah Litan, an analyst with Gartner, who was on the call. Litan believes these low-level users are actually RSA employees.

      The emails were titled “2011 Recruitment Plan” and had a malicious Microsoft Excel spreadsheet attached, Litan reported on her blog.

      Ironically, the spreadsheet exploited the recently discovered Adobe Flash zero-day flaw. Adobe had announced the vulnerability on March 14 and patched it March 21. However, it appears the patch came a little too late for RSA.

      Despite landing in the users’ junk folders, at least one person opened the email and the attachment, which downloaded the Trojan to the user’s PC. Attackers began harvesting credentials and “made their way up the RSA food chain” using accounts belonging to the IT department, as well as other employees, to gain “privileged access” to the targeted system, Litan wrote.

      “At least RSA’s spam filters were working, even if their social engineering training for employees was not,” Litan added.

      From the targeted system, attackers transferred files to an external compromised machine at a hosting provider, at which point RSA detected the attack thanks to its NetWitness implementation, Litan wrote. Industry observers had speculated that RSA must have had a network monitoring and forensics product deployed, and it appears they were right. RSA was able to stop the attack before more damage could be done and immediately told customers about the attack.

      The company remained vague as to when the phishing emails were sent, or how long the attackers spent in the network bouncing between accounts, but several months seem likely, according to Jon Oltsik, a principal analyst with the Enterprise Strategy Group, who was also on the call. “I think that the intelligence gathering and setup lasted awhile,” he told eWEEK.

      RSA was a lesson for everyone that technology isn’t enough to “detect or block attacks,” said Oltsik. “We need to train our people,” he said.

      While RSA “should be credited for handling a bad situation as well as it can,” Litan felt that “RSA should have known better.”

      “The irony is that they don’t eat their own dog food,” Litan told eWEEK. The company sells fraud detection systems based on sophisticated profiling that use complex models to spot abnormal behavior and intervene in real time to authenticate and reauthenticate users and transactions.

      However, RSA did not apply those same techniques to their own systems, Litan said.

      RSA gave “a lot of credit” to NetWitness for detecting the attack in real time, but it wasn’t good enough, as the “signals and scores” were clearly not high enough to prompt a person to shut down the attack immediately, Litan said.

      RSA needs to stay innovative and apply the lessons learned from serving its clients to its own internal enterprise systems, Litan said. This may be a function of being owned by EMC, a “behemoth company,” said Litan. She noted that many of the “best and brightest” at RSA left after the 2006 acquisition.

      “Much of the innovation has since been slowed down by the inevitable bureaucracy,” said Litan.
