RSA Security is one of the biggest players in the enterprise security landscape, offering advanced authentication, access control and data loss prevention products. The hype about the breach suffered by the company has spread to almost every security news website. The company's CEO announced, in an "urgent" message, that the breach is to be considered an APT (advanced persistent threat).
The last time we heard this term was during the days of the Aurora exploit, when Fortune 50 US companies, including Google, suffered data loss due to a targeted attack from Chinese IP addresses. Regardless of the use and abuse of the term, this is a targeted breach about which there is still not much information.
The fact that this term is being used again might point to similarities in the way the breach was conducted: a long-term infiltration through custom malware built to steal documents from specific internal projects.
As of now, there is no information available regarding the type of technique used, nor is the threat posed to customers of the SecurID two-factor authentication technology known. Those customers are financial institutions, banks and enterprises from all over the world.
SecurID is a technology used by 40 million people worldwide to generate one-time passwords by means of tokens. These passwords are tied to the common login credentials assigned to the person, making it a two-factor authentication scheme. SecurID is the project that seems to have suffered the most leaked documentation. RSA is still working with authorities to trace back the attack and is already in contact with its main and most affected customers, namely banks, to mitigate the exposure.
By Armando Romeo