RSA breach leaks data for hacking SecurID tokens

'Extremely sophisticated' attack targets 2-factor auth

By Dan Goodin in San Francisco
Posted in Enterprise Security, 18th March 2011 00:39 GMT

Attackers breached the servers of RSA and stole information that could be used to compromise the security of two-factor authentication tokens used by 40 million employees to access sensitive corporate and government networks, the company said late Thursday.

“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT),” RSA Executive Chairman Art Coviello said in an undated letter posted on the company's website. “Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems.”

Neither the letter nor a filing (PDF) with the Securities and Exchange Commission identified what the stolen data was, but Coviello went on to say it “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”

Michael Gallant, a spokesman with RSA owner EMC, declined to answer any questions posed by The Register. Among the unanswered questions was whether attackers got access to the so-called seed values that SecurID tokens use to generate the six-digit numbers that change every 60 seconds.

Workers in both private industry and government agencies use the devices as an additional security measure when logging onto their employers' networks. Requiring the employee to have physical access to the dongle thwarts hackers who may have intercepted the user's password.

If attackers were able to access the seeds for a specific company, they might be able to generate the pseudo-random numbers of one of its tokens, allowing them to clear a crucial hurdle in breaching the company's security. Other possibilities include the theft of source code that gives attackers a blueprint of …

RSA, the Security Division of EMC, Provides Updated Best Practices and Customer FAQs for SecurID Implementations

Security Advisory
Updated March 21, 2011

RSA will be hosting customer information calls regarding this SecurCare note on Tuesday, March 22nd and Wednesday, March 23rd. Please click here for specific calling details.

Summary:

As previously reported, a recent attack on RSA’s systems resulted in certain information being extracted related to RSA SecurID® authentication products. This note is being provided in order to help customers further assess their risk and prioritize their remediation steps as necessary in relation to this event.

RSA SecurID technology continues to be a very effective authentication solution. Whoever attacked RSA has certain information related to the RSA SecurID solution, but not enough to complete a successful attack without obtaining additional information that is only held by our customers. We have provided best practices so customers can strengthen the protection of the RSA SecurID information they hold.

Based on feedback from customers, we are issuing this follow-up RSA SecurCare note to help customers assess their risk and prioritize their remediation steps. We strongly urge you to initiate these steps immediately, if they are not already part of your environment. These remediation steps are those we have implemented across RSA's and EMC's business, with respect to our RSA SecurID authentication system.

Description:

Updated content is being provided to help customers further assess their risk and prioritize their remediation steps in relation to this event. All content is available on the RSA SecurCare website, and links to that content are provided in this note.

Updated information includes:

- A Customer FAQ providing answers to help customers further assess their risk and prioritize their remediation steps, if they are not already part of your environment. The FAQ is part of this document.
- Updates to our best practices guides based on customer feedback, including more detailed Log …

RSA, the Security Division of EMC, urges critical actions for SecurID installations

Security Advisory
Updated March 17, 2011

Dear RSA SecurCare® Online Customer,

RSA will be hosting customer information calls regarding this SecurCare note on Thursday, March 17th and Friday, March 18th. Please click here for specific calling details.

Summary:

We have determined that a recent attack on RSA’s systems has resulted in certain information being extracted from RSA’s systems that relates to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. RSA urges immediate action.

Description:

Recently EMC’s security systems identified an extremely sophisticated cyber attack in progress, targeting our RSA business unit. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.

Our investigation has revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We strongly urge immediate customer attention to this advisory, and we are providing immediate remediation steps for customers to take to strengthen their RSA SecurID implementations.

Affected Products:

The affected products are …