Secplicity - Security Simplified

Powered by WatchGuard Technologies

RSA loses SecurID tokens due to APT attack

March 20, 2011 By Corey Nachreiner

This year, I predicted we’d see an increase in Advanced Persistent Threats (APTs), both as a more common attack and an overused acronym. Unfortunately, a recently disclosed breach into RSA’s network seems to prove this prediction true.

Late last Thursday, RSA’s executive chairman, Art Coviello, Jr., posted an open letter warning their customers about a network breach that allowed attackers to gain access to servers related to their SecurID two-token authentication products. They don’t describe how the breach occurred in any detail, only that they’d discovered an “extremely sophisticated cyber attack” in their systems. They admit that attackers extracted some information related to their SecurID authentication products, but they don’t share exactly what that information is, or how attackers might leverage it.

So what does this mean for SecurID users? Well, first, let’s start with the good news. By its very nature, SecurID provides a second token of authentication. It is that second token of authentication that is at risk, not the first token (which is your password). In other words, even if an attacker could totally hack your SecurID token, they’d still need to figure out your normal user name and password in order to log in as you.

That’s not to say this breach doesn’t pose some risk to SecurID users, though. As RSA warns, the information stolen “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation.” The whole point of implementing a two-token authentication system is the security that second token provides, and it may be at risk after this breach. I recommend SecurID users check out RSA’s suggested best practice recommendations to help mitigate the risk this breach poses to SecurID solutions.

Without more details about what data got stolen, and how the breach happened, it’s hard to know the risk it really poses to an average SecurID user. However, I expect RSA to release more information as the situation develops. If I learn new details of interest, I’ll be sure to follow up here. – Corey Nachreiner, CISSP
