An APT Lesson From RSA’s SecurID Breach

While customers are understandably concerned about the security of their SecurID deployments, the RSA breach is a wake-up call about the recent increase in what security experts call APTs, advanced persistent threats.

Attackers had successfully breached the RSA’s networks and stolen information related to the company’s SecurID two-factor authentication technology, revealed Art Coviello, the executive chairman of RSA Security, in an open letter to customers posted on the RSA Website on March 17. RSA identified the attack as an APT in its letter.

New Breed Of Attacker And Exploit

APTs are ongoing attacks where perpetrators probe the target systems looking for information such as source code and other sensitive intellectual property. APTs are a “new breed of cyber-adversary” and cannot be addressed in the same way as other Web threats, Adam Vincent, CTO of the Public Sector group at Layer 7 Technologies, told eWEEK.

The attackers are well-funded, highly organised and are most likely employing new techniques – ones that are probably not protected by network encryption, firewalls and other security products, Vincent said. Security products cannot provide sufficient capabilities to protect an organisation from APTs as the lurking attackers are often indistinguishable from legitimate users, he said.

Operation Aurora, which compromised systems at Google and a number of other major companies in 2009, was a type of APT. “If Google and Aurora wasn’t enough of a wake-up call, this is another wake-up call,” said Peter Schlampp, vice president of product management at Solera Networks, told eWEEK.

The general consensus appears to be that if RSA can fall, then there is little chance for smaller companies. So organisations need to do more than just spend money to block threats, Chris Larsen, head security malware researcher at Blue Coat Systems, told eWEEK. They need to assume they are already infected and invest in security technologies, such as network forensics and log management systems, that will allow them to find the breach, he said.

While RSA has remained silent about what was stolen, when the data breach occurred, how attackers got into the network and how long the breach lasted, the company recommended that customers harden their other security layers in case of a follow-up attack.

“A layered security approach is always best,” said Avivah Litan, a distinguished analyst at Gartner. While one-time password [OTP] systems “raise the bar for the criminals”, they were vulnerable to compromise even before the RSA breach, she said. “Maybe this incident will wake up companies to the need for more controls than just OTP authentication,” she said.

Inconvenient But Not Disastrous

Assuming that the attackers stole the seed values used to generate the one-time passwords on the SecurID tokens, a potential scenario has cyber-criminals leveraging social engineering and spear phishing tactics to obtain the serial number of the SecurID token. With that serial number and seed values in hand, attackers can masquerade as the user to log in to secured networks, such as those in financial institutions.

The scenario is not all that dire: it just means that RSA customers will need to replace the tokens, according to Kyle Adams, architect and lead developer at Mykonos Software. “The actual two-factor authentication technology remains secure, and it’s just some key information that was lost,” Adams told eWEEK.

If customers feel that SecurID is compromised, they are likely to replace it with competitor products. In fact, CA has announced that SecurID customers can trade in their RSA tokens in a one-for-one swap for CA’s own authentication platform, the CA ArcotID Secure Software Credentials.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago