Friday, March 18

RSA Cyber Attack
By Brad C. Johnson


The recent news that EMC’s RSA infrastructure was the target of an (apparently successful) Advanced Persistent Threat (APT) cyber attack is serious news in the IT and security world. A lot more information will need to come from RSA about the details of the actual compromise and what that means for RSA customers and the systems we try and protect using RSA products. Here is a link to an RSA open letter about the situation: http://www.rsa.com/node.aspx?id=3872. EMC’s SEC filing of the situation is located here: http://www.emc.com/about/investor-relations/sec-filings.htm - Refer to “Report of unscheduled material events or corporate event” dated 03/17/11.

In the meantime, there are some things that we all can do as we wait for more details:

  • Notify all staff using RSA tokens of the situation and ensure they are following corporate password quality standards
  • Ensure that staff are following RSA specified best practices (e.g., PIN management, system hardening, token distribution)
  • Monitor logs for increased authentication failures, social engineering attacks, or phishing attacks
  • Tightly monitor RSA responses, recommendations, and announcements
  • Refer to the RSA SEC filing under the section “SCOL Note Title: Required Actions for SecurID Installations” for detailed RSA recommendations

Despite the fact that this is indeed a serious situation and leads to the direct possibility that one may need to consider using different technology, until we get more information it’s probably more prudent to sit tight with the technology you are already have in place and ensure the above recommendations are being followed.

Having said that, you should set some well-defined checkpoints within your organization in the near future to either agree or disagree on how to move forward with the use of RSA technology and their response to the current situation.

No comments: