RSA Security, a division of EMC Corp., has admitted that it was the victim of a sophisticated attack that resulted in the theft of secrets related to its SecurID two-factor authentication product.
The disclosure came in a blog post by RSA chief Art Coviello on Thursday. Coviello said that the company faces attacks every day, but had recently become aware of “an extremely sophisticated cyber attack in progress,” which he characterized as being “in the category of an Advanced Persistent Threat (APT).” RSA’s investigation subsequently concluded that the attackers had made off with company secrets, including “information…specifically related to RSA’s SecurID two-factor authentication products.”
SecurID is RSA’s multi-factor authentication technology. SecurID includes a range of technologies used to implement multi-factor authentication tools like one-time password generators and secure access cards. Corporations and other organizations use SecurID to give employees secure access to resources such as corporate networks over virtual private network (VPN) connections, e-mail and other assets.
Coviello said that the company was confident that the stolen information wouldn’t enable a successful attack on any SecurID customers, but that it could be used to “reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” RSA is talking to customers about possible attack scenarios and helping them to “strengthen their SecurID implementations,” Coviello wrote.
RSA, EMC’s security division, is a leading provider of secure authentication solutions and counts government agencies as well as high-profile corporations among its customers. It is unclear who is behind the attack, though the term “APT” was originally a code word within military and intelligence circles for the People’s Republic of China.
Whatever the case, theft of secrets related to SecurID could be used generically, or as a component of another, larger attack.
Mirco Rohr on
This could be a pain in the ass - "reducing the effectiveness..". Just to think what could possibly happen if Key/Certificate information was among the compromised data?
Look at Realtek - where a digital certificate was stolen - and how it was used afterwards.
What does this teach us?
Even security providers are in danger today and they are very attractive targets.
Every enterprise in the market could be a victim; cybercriminals are interested in getting the intellectual property of these enterprises. They can sell it, or they can use it. Be prepared for the next cyber attack.
But in this case, what really piques my curiosity is that EMC/RSA has a DLP solution in-house (they bought Tablus in 2008). Did they use DLP technologies, and to what extent?
Granted, some types of attacks cannot be detected or prevented by standard DLP techniques, but the question still stands.