RSA blames Flash flaw and social media for attack

RSA blames Flash flaw and social media for attack

RSA has blamed an Adobe flaw and social media for an attack on its authentication system.

Last month, the EMC-owned security firm admitted the systems behind its two-factor security product, SecurID, had been hacked.

However, it's taken weeks for the company to reveal the cause of the attack. Uri Rivner, head of new technologies, said the attackers gathered data on staff using social-media sites, using them to send a personalised email - a so-called spear phishing attack.

"The attacker in this case sent two different phishing emails over a two-day period," Rivner said in a blog post. "The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high-profile or high-value targets."

That email contained a malicious spreadsheet, which took advantage of a zero-day flaw in Adobe Flash to infect machines and give attackers remote access.

Rivner said the attack showed that people remained the weakest link. "You don’t bother to just simply hack the organisation and its infrastructure; you focus much more of your attention on hacking the employees."

Rivner stressed that RSA noticed the attack while it was still in progress, but Carole Theriault, senior security consultant at Sophos, noted the firm left a few details out.

"What did the attackers take? How does it affect your customers? What can they do about it? What are you doing to stave off future similar attacks?" she said in a blog post.

"However, I am really pleased that RSA sketched out some of the details of the attack," she added. "I don't know if they planned to do so all along, or if they bowed to external pressure to do so."

This article originally appeared at pcpro.co.uk

Source: Copyright © Alphr, Dennis Publishing

See more about:  rsa  |  blames  |  flash  |  flaw  |  social  |  media  |  attack
 
 

Readers of this article also read...

Sun Tzu and The Art of... Wargaming 

Sun Tzu and The Art of... Wargaming

 
10 ways to harden the security on your Android phone 

10 ways to harden the security on your Android phone

 
Revenge really does make you feel better, study finds 

Revenge really does make you feel better, study finds

 
Look out - a recent Windows 10 update cripples multi-monitor 3D apps 

Look out - a recent Windows 10 update cripples multi-monitor 3D apps

 
Hasbro wants the internet to vote on new Monopoly pieces 

Hasbro wants the internet to vote on new Monopoly pieces

 

Latest Comments

From our Partners

PC & Tech Authority Downloads