Cyberattacks fuel concerns about RSA SecurID breach
Based on the reports suggesting that the RSA token was successfully emulated, "one can only assume that the breach of RSA leaked sufficient data to predict the number displayed by a particular token," Johannes Ullrich, CTO at the SANS Institute, said in a blog post. "It may also have leaked which token was handed to what company (or user)," Ullrich said.
RSA's silence probably makes the situation appear worse than it is, said Jeremy Allen, principal consultant with Intrepidus.
Even if the RSA attackers managed to steal more information on SecurID than might have earlier been thought, they would still need to have crucial information to exploit it, Allen said. For an attacker to successfully use a cloned SecurID token, he or she would still need to know the token user's username and pass code to access a particular network service, he said.
For someone to break into Lockheed using the RSA token, the attacker would need at least one Lockheed employee's username and pass code and would have to know which services that person could access.
Other enterprises using SecurID technology need to pay attention to these breaches, analysts said. Until RSA offers more details, companies should keep a close eye on their authentication measures.
"RSA tokens are just one factor of a two-factor authentication scheme," Ullrich wrote. "You will have to enter a PIN or a password in addition to the token ID."
Enterprises should be watching for attempts at guessing passwords and pass codes, he said. "Monitor for brute force attempts and lock accounts if someone attempts to brute force them," he said.
"Enterprises also need to keep an eye on any attempts to log into enterprise systems from unknown or unusual IP addresses," Ullrich warned.
So far, at least two other major defense contractors have already switched from SecurID to other technologies, said Alan Paller, director of research at SANS.
"Both Raytheon and Northrop Grumman made massive changes to their remote security systems immediately upon learning what was taken" from RSA, Paller said. "A senior officer of one of those companies told me that they replaced all of their SecureID tokens with tokens from a different vendor. At the time, this seemed like overkill to some observers, but it now turns out to have been prescient."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Michaels breach exposes nearly 3M payment cards
- Teen nabbed in Heartbleed attack against Canadian tax site
- Heartbleed bug can expose private server encryption keys
- FTC can sue companies hit with data breaches, court says
- 5-year-old hacks Xbox, now he's a Microsoft 'security researcher'
- State AGs probe Experian subsidiary's data breach
- NSA sniffing prompts Yahoo to encrypt traffic between its data centers
- Banks withdraw data breach claim against Target
- Bank abandons place in class-action suit against Target, Trustwave
- Banks' suit in Target breach a 'wake-up call' for companies hiring PCI auditors
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts