RSA blames Flash flaw and social media for attack

RSA blames Flash flaw and social media for attack

RSA has blamed an Adobe flaw and social media for an attack on its authentication system.

Last month, the EMC-owned security firm admitted the systems behind its two-factor security product, SecurID, had been hacked.

However, it's taken weeks for the company to reveal the cause of the attack. Uri Rivner, head of new technologies, said the attackers gathered data on staff using social-media sites, using them to send a personalised email - a so-called spear phishing attack.

"The attacker in this case sent two different phishing emails over a two-day period," Rivner said in a blog post. "The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high-profile or high-value targets."

That email contained a malicious spreadsheet, which took advantage of a zero-day flaw in Adobe Flash to infect machines and give attackers remote access.

Rivner said the attack showed that people remained the weakest link. "You don’t bother to just simply hack the organisation and its infrastructure; you focus much more of your attention on hacking the employees."

Rivner stressed that RSA noticed the attack while it was still in progress, but Carole Theriault, senior security consultant at Sophos, noted the firm left a few details out.

"What did the attackers take? How does it affect your customers? What can they do about it? What are you doing to stave off future similar attacks?" she said in a blog post.

"However, I am really pleased that RSA sketched out some of the details of the attack," she added. "I don't know if they planned to do so all along, or if they bowed to external pressure to do so."

This article originally appeared at pcpro.co.uk

Source: Copyright © PC Pro, Dennis Publishing

See more about:  rsa  |  blames  |  flash  |  flaw  |  social  |  media  |  attack
 
 

Readers of this article also read...

Review: Microsoft Windows 8.1 

Review: Microsoft Windows 8.1

 
Android vice president quits, joins Chinese phone maker 

Android vice president quits, joins Chinese phone maker

 
Panasonic to unleash 20in 4K tablet at IFA 

Panasonic to unleash 20in 4K tablet at IFA

 
Discuss: Are you happy to help fix your friends' computers? 

Discuss: Are you happy to help fix your friends' computers?

 
Sony teases mystery "new form" of entertainment 

Sony teases mystery "new form" of entertainment

 

Latest Comments

Latest Poll

What PC component are you planning to upgrade in the next six months










Ads by Google

From our Partners

PC & Tech Authority Downloads