ISSUED BY: GCIS Communications Command Center
SOURCE: EWeek
22March2011 4:30amEST
GCIS CYBERSECURITY UPDATE: The network of one the world’s largest and trusted security firms has been breached, and an unknown amount of information about its popular multifactor authentication technology has been stolen. Customers are worried about what form potential attacks could take.
The SecurID information that was stolen would not allow attackers to launch a successful direct attack on existing SecureID customers, Art Coviello, executive chairman of RSA Security, wrote in an open letter to customers posted on the company’s Website March 17. However, the company acknowledged the information could be potentially used to “reduce the effectiveness” of an existing SecurID deployment as part of a broader attack.
With RSA keeping mum about what exactly was stolen, when the data breach occurred, how attackers got into the network and how long the breach lasted, security experts can more or less give their imaginations free reign to suggest potential attack scenarios.
Adam Vincent, CTO of the Public Sector group at Layer 7 Technologies, wondered about the implications of a broader attack hinted at by Coviello. “Reading between the lines,” RSA made it sound as if the data theft made RSA SecureID ineffective without needing to compromise any specific usernames or passwords, Vincent told eWEEK.
The “well-organized group” of hackers behind this targeted attack would have to complete “many steps” to successfully attack an organization using SecurID tokens for authentication, Nick Percoco, senior vice president of SpiderLabs, told eWEEK. While it was “less likely” there will be a direct head-on attack, it wasn’t impossible, he said. (read full report)
