
RSA hack explained: phishing and Flash flaw

04 April 2011

The recent RSA data breach was caused by an employee opening an attachment in a phishing e-mail which took advantage of an Adobe Flash vulnerability.

RSA warned customers last month of a security breach that may have compromised its SecurID two-factor authentication system, which is widely used by banks around the world to protect their internal and customer-facing online banking systems.

In a blog post on the company's Web site, Finextra contributor Uri Rivner says the breach arose after an employee retrieved an e-mail from their junk folder entitled "2011 Recruitment Plan" and opened an attached Excel file.

The Excel spreadsheet contained a zero-day exploit that installed a backdoor through an Adobe Flash vulnerability, which has now been patched.

The attacker then used a variant of the Poison Ivy remote administration tool (RAT) to control the machine. From there, the attacker first harvested access credentials (domain admin and service accounts) from the compromised users.

"They performed privilege escalation on non-administrative users in the targeted systems, and then moved on to gain access to key high value targets, which included process experts and IT and Non-IT specific server administrators," says Rivner.

The final stage of the hack saw the crooks go into servers of interest, remove data and move it to internal staging servers where it was aggregated, compressed and encrypted for extraction. FTP was used to transfer many password-protected RAR files from the RSA file server to an outside staging server.
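The exfiltration pattern described above (many RAR archives sent by FTP from an internal server to one outside host) is something defenders can look for in transfer logs. The following is an added detection example, not code from RSA or Finextra; the log format, the internal address ranges, the sample records and the three-file threshold are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the organisation's internal address space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
RAR_NAME = re.compile(r"\.(rar|r\d{2})$", re.IGNORECASE)  # .rar plus .r00-style volumes

# Constructed sample records: time, source, destination, FTP command, bytes, filename
SAMPLE_LOG = """\
2011-03-01T02:10:11Z 10.1.4.20 203.0.113.50 STOR 52428800 set_a.rar
2011-03-01T02:14:40Z 10.1.4.20 203.0.113.50 STOR 52428800 set_a.r00
2011-03-01T02:19:02Z 10.1.4.20 203.0.113.50 STOR 52428800 set_a.r01
2011-03-01T02:23:57Z 10.1.4.20 203.0.113.50 STOR 31457280 set b.RAR
2011-03-01T02:30:00Z 10.1.4.20 10.1.9.9 STOR 52428800 backup.rar
2011-03-01T09:05:13Z 10.1.7.33 198.51.100.7 STOR 204800 brochure.pdf
2011-03-01T09:06:45Z 10.1.7.33 198.51.100.7 STOR 1048576 fonts.rar
2011-03-01T09:10:00Z 10.1.7.33 198.51.100.7 RETR 7340032 driver.rar
truncated line
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    return any(addr in net for net in INTERNAL_NETS)

def find_rar_exfil(log_text, min_files=3):
    """Return {(src, dst): {"files": [...], "bytes": n}} for internal hosts that
    uploaded at least min_files RAR archives to one external FTP server."""
    groups = defaultdict(lambda: {"files": [], "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split(None, 5)  # filename is last, so it may contain spaces
        if len(parts) != 6:
            continue  # malformed record
        _ts, src, dst, cmd, size, name = parts
        try:
            outbound = is_internal(src) and not is_internal(dst)
            size = int(size)
        except ValueError:
            continue  # bad address or byte count
        # Only uploads (STOR) of RAR-named files leaving the internal network count.
        if cmd == "STOR" and outbound and RAR_NAME.search(name):
            groups[(src, dst)]["files"].append(name)
            groups[(src, dst)]["bytes"] += size
    return {k: v for k, v in groups.items() if len(v["files"]) >= min_files}

if __name__ == "__main__":
    for (src, dst), hit in find_rar_exfil(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {len(hit['files'])} RAR uploads, {hit['bytes']} bytes")
```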

Says Rivner: "At RSA we're already learning fast, making both small-term hardening moves and giant strides towards establishing a whole new defense doctrine. We're implementing techniques that just a couple of weeks ago I thought were in the realm of long-term roadmaps."

In a possibly related move, RSA parent company EMC has acquired Virginia-based NetWitness Corporation, a provider of network security monitoring and analysis software. NetWitness will operate as part of RSA, "providing real-time visibility into network activity and adding efficiency to incident investigations and workflow".

Comments: (1)

Stephen Wilson - Lockstep Group - Sydney | 04 April, 2011, 12:52

"Explained"? I beg to differ.  The motivation of a non-trivial attack is always the most interesting aspect.  So while we now know How it was done, we still have no information about Why it was mounted nor What was stolen.
