This year, I predicted we’d see an increase in Advanced Persistent Threats (APTs), both as a more common attack and an overused acronym. Unfortunately, a recently disclosed breach into RSA’s network seems to prove this prediction true.
Late last Thursday, RSA’s executive chairman, Art Coviello, Jr., posted an open letter warning their customers about a network breach that allowed attackers to gain access to servers related to their SecurID two-token authentication products. They don’t describe how the breach occurred in any detail, only that they’d discovered an “extremely sophisticated cyber attack” in their systems. They admit that attackers extracted some information related to their SecurID authentication products, but they don’t share exactly what that information is, or how attackers might leverage it.
So what does this mean to SecurID users? Well, first, let’s start with the good news. By its very nature, SecurID provides a second token of authentication. It is that second token of authentication that is at risk, not the first token (which is your password). In other words, even if an attacker could totally hack your SecurID token, they’d still need to figure out your normal user name and password in order to log in as you.
That’s not to say this breach doesn’t pose some risk to SecurID users, though. As RSA warns, the information stolen “could potentially be used to reduce the effectiveness of a current two-factor authentication implementation.” The whole point of implementing a two-token authentication system is that you want the security that second token provides, and it may be at risk after this breach. I recommend SecurID users check out RSA’s suggested best practice recommendations to help mitigate the risk this breach poses to SecurID solutions.
Without more details about what data got stolen, and how the breach happened, it’s hard to know the risk it really poses to an average SecurID user. However, I expect RSA to release more information as the situation develops. If I learn new details of interest, I’ll be sure to follow up here. – Corey Nachreiner, CISSP