RSA: Hackers breached us of intellectual property

Share this article:

Hackers have successfully infiltrated security firm RSA to steal information related to its two-factor authentication products, the company's president revealed in a letter Thursday to customers.

"Recently, our security systems identified an extremely sophisticated cyberattack in progress being mounted against RSA," President Art Coviello wrote.

Coviello categorized the attack as an advanced persistent threat, which is known for its sophistication and stealthiness and is often leveraged to steal coveted intellectual property. Last year, Google and a number of other high-profile firms disclosed that they were APT victims.

Coviello said the information obtained by the hackers may teach them how to circumvent RSA's SecurID products, which include hardware token authenticators, software authenticators, authentication agents and appliances. Millions of companies worldwide use SecurID to protect access to their sensitive assets, such as web servers, email clients and VPNs.

"While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," Coviello wrote. "We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations."

The vendor does not believe any personal customer or employee information was compromised in the attack.

Coviello said the company plans to "share our experiences from these attacks with our customers, partners and the rest of the security vendor ecosystem."

Ironically, for more than a year, RSA has been researching the APT threat to develop new mitigating technologies.

In an interview last month with SC Magazine at the RSA Conference in San Francisco, RSA CTO Bret Hartman said organizations should accept that they likely cannot stop an APT attack and should instead focus on detecting it early and reducing its impact.

RSA is owned by EMC.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.