RSA has released more information regarding the breach that affected SecurID on Thursday, March 17, 2011.
On Tuesday, June 7, 2011, Art Coviello, RSA's executive chairman, released a letter to RSA customers. In the letter, RSA disclosed that information taken during the attack could potentially be used to target government agencies and government contractors, specifically defense secrets and related intellectual property (IP). RSA maintains that no PCI information was targeted. This incident does not preclude attacks on non-government-related organizations; however, indications of such an attack resulting from this breach are less likely.
The RSA letter also addressed the June attack on Lockheed Martin, a major U.S. government defense contractor. According to RSA, the attack on Lockheed does not reflect a new threat or vulnerability in RSA SecurID technology. The Lockheed Martin attack, which had used elements taken from the RSA breach, was thwarted, according to Lockheed Martin.
RSA has expanded its security remediation program to reinforce customers' trust in RSA SecurID tokens and the company's overall security posture. As part of this, RSA is offering customers two expanded offers:
The above options require customers to contact RSA and provide more information regarding their SecurID environment to determine token replacement options. As an RSA Reseller, FishNet Security can assist you in determining replacement options. Based on the remaining token life of existing tokens and requested shipping options, any costs will be provided to customers in the form of a quote.
Please contact your local FishNet Security Account Executive to further discuss these expanded offers from RSA. If you would like to pursue the expanded remediation offers from RSA, please contact the RSA remediation team at the numbers below.
RSA Call-in for Customers with Questions:
For customers in the U.S., please call
+1-800-782-4362; Option #5 [RSA]; Option #1 [RSA SecurID Remediation Program]
For customers in Canada, please call
+1-800-543-4782; Option #5 [RSA]; Option #1 [RSA SecurID Remediation Program]
For International customers, please call
+1-508-497-7901; Option #5 [RSA]; Option #1 [RSA SecurID Remediation Program]
Summary of FishNet Security Original Response
On Tuesday, March 22, FishNet Security published a response summary of the breach titled "RSA SecurID Breach Summary," which included a threat model that is confirmed in RSA's recent release. Customers should understand the information offered and take prudent, thoughtful action to mitigate the elevated risk.
Previously Released FishNet Security Recommendations:
Attack Vectors - What do I need to Monitor and Mitigate?
In a worst-case scenario, the attackers have weakened the SecurID infrastructure by narrowing down the universe of possible targets, identifying the customers to target and providing specific information about their target (serial number and form-factor). Breaking down all the angles in a detailed threat model is beyond the scope of this document and must be tailored to each specific customer scenario. However, FishNet Security presents a few considerations in this regard.
The attacker still needs the following information to authenticate to the victim's infrastructure:
Therefore, an organization using RSA SecurID needs to be worried about attacks that target the above information. These attacks can be categorized as social engineering ("SE"), theft, surveillance, secondary compromise (e.g., use of a botnet already in place within the target company) and fraud (user takes active part in providing information).
The most likely attack scenarios include the following:
Each end-user's environment is different and subsequently the attack vectors may vary based on that environment. It is important for each customer to perform a threat analysis based on his or her unique situation.
Monitoring and Mitigation - How do I watch for and mitigate the attacks?
The advantage here is that there are a number of items the attacker does not have in order to complete a successful attack, and that getting some of those items may be more difficult than penetrating a softer target in a different way.
First and foremost, be cognizant of your status as a target within the black hat community. Are you a high-value target? Is your company visibly on the wrong side (from a hacktivist viewpoint) of certain social issues? Would you be a "feather in the cap" of a hacker group? Everyone should be vigilant and careful, but certain organizations need to take more stringent precautions.
Second, make prudent assumptions and work backwards to logical monitoring and mitigation techniques. For example, assume your seed records are in the wild and your usernames are easily guessed, but the relationship between the two is not established. So, you need to be watching for and preventing attacks aimed at gaining that seed record-to-username relationship and the PIN.
Specific recommendations include:
Customers should continue to follow the recommended mitigation steps and take advantage of programs being offered by RSA. As your trusted information security advisor, FishNet Security can put resources at your disposal to help you make the right decisions and complete any necessary mitigation steps. Do not hesitate to reach out to FishNet Security for assistance in this matter.