RSA, the security division of EMC, has been hit with a sophisticated cyber attack which might end up reducing the effectiveness of its SecurID authentication services.
Executive Chairman Art Coviello sent a letter to RSA customers and documented that the company had recently “identified an extremely sophisticated cyber attack in progress being mounted against RSA.”
Coviello suspects that the attack was an Advanced Persistent Threat that has resulted in hackers ‘extracting certain information’ from the RSA systems.
Coviello added: “Some of that information is specifically related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.”
RSA SecurID authenticators are credit-card-sized devices which display a new six-digit password for the user's company network on a one-line LCD every 60 seconds. Without the correct number at the right time, the person won’t be able to log in. In 2009, RSA launched an iPhone application for the service.
“We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations, we will share our experiences from these attacks with our customers, partners and the rest of the security vendor ecosystem and work in concert with these organizations to develop means to better protect all of us from these growing and ever more sophisticated forms of cyber security threat.”
Kitguru says: worrying thoughts indeed