Gartner Research’s senior analyst Avivah Litan has revealed details about the recent hack of RSA’s SecurID system, following a conference call with RSA.
In her blog, she made it clear that the hack was performed by exploiting the recently revealed zero-day bug in Adobe Flash. Adobe had come out with a statement that the attack was performed by means of a Flash object embedded in an Excel file (.XLS).
Litan said that the phishing emails titled “2011 Recruitment Policy”, received by not-so-large groups of low-profile RSA users, presumably employees, could be the main culprit here.
She wrote, "The emails were surreptitiously titled '2011 Recruitment Plan' and landed in the users' email Junk folders (at least RSA’s SPAM filters were working)." An Excel document exploiting the Adobe Flash zero-day flaw CVE-2011-0609 was attached to the dubious email.
According to the initial reports, the attack gave the hackers control of at least one employee’s machine, which was immediately followed by the hackers harvesting the login details of more company users. They then connected to other RSA employee machines and raised the level of access that users were entitled to.
This eventually allowed them into machines containing the information on SecurID. The data was then encrypted and sent out of the company.
The irony, according to Avivah Litan, is that RSA itself sells banks fraud-detection systems (FDS) that could have detected the attack. RSA, however, did employ the FDS, but then stopped it midstream.