Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
RSA had implemented a risk mitigation strategy against advanced persistent threats that failed to prevent the major compromise of its SecurID token product.
But the company's chief security architect Robert Griffin said the process of dynamics, adaption, analytics and assessment prevented further damage from being done.
He told the SC Congress Canada conference this week that the strategy traced the tracks of the attackers who gained their initial foothold when an employee clicked on a malicious attachment contained in a socially engineered email.
“Within six to eight hours, we could [identify] anomalous behaviour of the core systems at RSA,” Griffin said.
Griffin acknowledged the slickness of the adversaries, who used a zero-day vulnerability to introduce a variant of the polymorphic malware dubbed Poison Ivy.
He described the attack as “commercial cybercrime”and said the hackers temporarily distracted RSA's security team by causing a "noisy” attack on the company's personnel systems while they siphoned out the crown jewels related to RSA's SecurID tokens.
“They were after ways to compromise credentials, from the ground up, of our customers,” Griffin said.
RSA failed to adequately lock down its access controls, a blunder that allowed infiltrators to gain unauthorised privileges, he said.
Defence contractors Lockheed Martin and L-3 were subsequently penetrated using authentication information obtained in the RSA heist.
RSA has since pledged to replace tokens for some customers.
Griffin said the lesson from the SecurID breach is the need to apply visibility to an organisation's risk posture.
A former director of risk and compliance at the Canadian Imperial Bank of Commerce, Jason Hall, said complexity was the biggest challenge he faced when introducing a governance, risk and compliance program at the financial institution.
Hall said he had to wade through scores of dashboards, stakeholders, data sources, frameworks and assessments, and recommended that security professionals define the process before they begin similar projects.
This article originally appeared at scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.