At long last there is some new information about how attackers were able to breach security firm RSA’s defences and steal sensitive information.
It is still not clear exactly what information relating to RSA’s SecurID product was stolen, but the chink in RSA’s armour turns out to be good old social engineering.
RSA said that it had been hit by an Advanced Persistent Threat (APT), which typically consists of a series of fairly standard attacks carried out against a single target until attackers find a way in.
In RSA’s case, the way in was through a spear phishing attack that exploited an Adobe Flash vulnerability to load a credential-stealing Trojan to zero in on the target system.
The facts that RSA’s defences against social engineering were obviously not up to scratch and that RSA was unable to shut down the attack in real time are highlighted in an interesting blog post by Avivah Litan, Gartner vice president and distinguished analyst.
“The irony though with RSA is that they don’t eat their own dog food. In other words, they relied on yesterday’s best of breed tools to prevent and detect the attack,” she says.
Litan says perhaps the breach will shake up RSA so that they start moving a lot faster, like some of the small agile start-ups they acquired in the past.
“I’m sure they are not the only company where this phenomenon is true. The old adage rings true – the shoemaker’s children have no shoes,” she says.
Russell Poole, security practice director at IT services firm 2e2, says the RSA breach demonstrates the need for continual employee education.
“It also demonstrates the need to ensure all business applications and operating systems are at the latest patch levels,” he says.
Poole recommends that, in the face of increasingly sophisticated and persistent attacks, all companies ensure their policies and security infrastructure investments are correctly configured and understood to provide the highest level of security, that all patch levels are up to date, that password policies are hardened and that business systems are properly configured.