Cyberattacks fuel concerns about RSA SecurID breach
Based on the reports suggesting that the RSA token was successfully emulated, "one can only assume that the breach of RSA leaked sufficient data to predict the number displayed by a particular token," Johannes Ullrich, CTO at the SANS Institute, said in a blog post. "It may also have leaked which token was handed to what company (or user)," Ullrich said.
RSA's silence probably makes the situation appear worse than it is, said Jeremy Allen, principal consultant with Intrepidus.
Even if the RSA attackers managed to steal more information on SecurID than might have earlier been thought, they would still need to have crucial information to exploit it, Allen said. For an attacker to successfully use a cloned SecurID token, he or she would still need to know the token user's username and pass code to access a particular network service, he said.
For someone to break into Lockheed using the RSA token, the attacker would need at least one Lockheed employee's username and pass code and would have to know which services that person could access.
Other enterprises using SecurID technology need to pay attention to these breaches, analysts said. Until RSA offers more details, companies should keep a close eye on their authentication measures.
"RSA tokens are just one factor of a two-factor authentication scheme," Ullrich wrote. "You will have to enter a PIN or a password in addition to the token ID."
Enterprises should be watching for attempts at guessing passwords and pass codes, he said. "Monitor for brute force attempts and lock accounts if someone attempts to brute force them," he said.
"Enterprises also need to keep an eye on any attempts to log into enterprise systems from unknown or unusual IP addresses," Ullrich warned.
So far, at least two other major defense contractors have already switched from SecurID to other technologies, said Alan Paller, director of research at SANS.
"Both Raytheon and Northrop Grumman made massive changes to their remote security systems immediately upon learning what was taken" from RSA, Paller said. "A senior officer of one of those companies told me that they replaced all of their SecureID tokens with tokens from a different vendor. At the time, this seemed like overkill to some observers, but it now turns out to have been prescient."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
- Amazon.com security slip allowed unlimited password guesses on mobile apps
- Huge turnout at RSA shows hackers are winning
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts