Security Management Strategies for the CIORSA, the Security Division of EMC Corp., said Thursday that information related to its SecurID two-factor authentication products was stolen in an "extremely sophisticated cyberattack" against the company.
In an open letter to customers posted on the company's website, Art Coviello, RSA executive chairman, said RSA recently detected the attack.
"Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products," he said.
APT is used to describe attacks in which organized intruders gain access to a network and often stay there undetected for a long period of time with the goal of stealing data.
"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," Coviello said.
He said the company had no evidence that customer security related to other RSA products was impacted
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
by the attack. RSA is providing customers with information to strengthen their SecurID
implementations, he said.
"The exact risk to customers isn't clear, but there does appear to be some risk that the assurance of your two factor authentication is reduced," Rich Mogull, founder of independent information security consulting firm Securosis, said in a blog post.
He advised SecurID customers to contact their RSA representative and find out if they are at risk and steps to mitigate the risk.
"Based on how the letter was worded it might mean that the attackers have a means to generate certain valid token values (probably only in certain cases). They would also need to compromise the password associated with that user," Mogull wrote. "I'm speculating here, which is always risky, but that's what I think we can focus on until we hear otherwise. Thus reviewing the passwords tied to your SecureID users might be reasonable."
Join the conversationComment
Share
Comments
Results
Contribute to the conversation