March 18, 2011 – EMC is investigating an apparent advanced persistent threat cyber attack against its RSA security division.

The security breach included information extracted from RSA’s SecurID products, which has about 25,000 customers, according to EMC. EMC stated in a news release that it is “confident” the stolen information does not enable a direct attack on those customers, and that no customer information with other products has been impacted. However, the security information could be used to reduce effectiveness of SecurID’s two-factor authentication process as part of a broader attack.

In a statement on its website, RSA executive chairman Art Coviello said that EMC experiences and repels multiple attacks on its infrastructure each day, though called this event “extremely sophisticated.”

“We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities,” Coviello said.

Coviello urged customers to review security steps outlined in its SecurCare Online Note.

Scott Crawford, managing research director at Enterprise Management Associates, said it would be speculative at this point to assume the risk of the attack or the intricate nature of the advanced persistent threat. But in reviewing statements made public by RSA, Crawford said the company’s communications to customers allude to security problems caused by human behavior and social networks.

Crawford says that strengthening containment and increasing IT environment visibility should be the first internal responses at RSA, as they and all data organizations with valuable information deal with constant threats.   

“It would seem to me that SecurID was targeted because it is used to provide stronger control on access to higher value assets, such as administrative access to sensitive information systems. It is also a widely used product, so gaining an advantage over SecurID could provide an advantage over its use among a wide range of RSA customers,” Crawford says. “This places a higher value on the intellectual property of security control vendors that they will need to consider going forward.”


Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access