Top security firm RSA Security revealed on Thursday that it’s been the victim of an “extremely sophisticated” hack.
The company said in a note posted on its website that the intruders succeeded in stealing information related to the company’s SecurID two-factor authentication products. SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number is cryptographically generated and changes every 30 seconds.
“While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers,” RSA wrote on its blog, “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations.”
As of 2009, RSA counted 40 million customers carrying SecurID hardware tokens, and another 250 million using software. Its customers include government agencies.
RSA CEO Art Coviello wrote in the blog post that the company was “confident that no other … products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident.”
The company also provided the information in a document filed with the Securities and Exchange Commission on Thursday, which includes a list of recommendations for customers who might be affected. See below for a list of the recommendations.
A company spokesman would not provide any details about when the hack occurred, how long it lasted or when the company had discovered it.
“We are not withholding anything that would adversely impact the security of our customer systems,” said spokesman Michael Gallant. “[But] we’re working with government authorities as well so we’re not disclosing any further information besides what’s on the blog post.”
RSA categorized the attack as an advanced persistent threat, or APT. APT attacks are distinctive in the kinds of data the attackers target. Unlike most intrusions that go after financial and identity data, APT attacks tend to go after source code and other intellectual property and often involve extensive work to map a company’s infrastructure.
APT attacks often use zero-day vulnerabilities to breach a company and are therefore rarely detected by antivirus and intrusion programs. The intrusions are known for grabbing a foothold into a company’s network, sometimes for years, even after a company has discovered them and taken corrective measures.
Last year’s hack into Google was considered an APT attack, and, like many intrusions in this category, was linked to China.
RSA, which is owned by EMC, is a leading firm and is most known for the RSA encryption algorithm used to secure e-commerce and other transactions. The company hosts the top-ranked RSA security conference every year.
Following is the list of recommendations RSA has provided to customers:
• We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
• We recommend customers enforce strong password and PIN policies.
• We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
• We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
• We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
• We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
• We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
• We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
• We recommend customers update their security products and the operating systems hosting them with the latest patches.