In the middle of March, RSA detected a cyber attack on its systems and found that information related to its SecurID two-factor authentication system had been taken. This information seems to be a “skeleton key” to the whole system, and the hackers are using it to take down organizations that use RSA SecurID. These organizations include major US government defense contractors like L3 Communications and Lockheed Martin, who reportedly thwarted the attack on their systems. Because of the sensitive nature of these customers and the importance of security, RSA has offered to replace the SecurID tokens used in these organizations.
Executive Chairman Art Coviello said in an open letter to RSA customers:
As a result, we are expanding our security remediation program to reinforce customers’ trust in RSA SecurID tokens and in their overall security posture. This program will continue to include the best practices we first detailed to customers in March, and will further expand two offers we feel will help assure our customers’ confidence:
- An offer to replace SecurID tokens for customers with concentrated user bases typically focused on protecting intellectual property and corporate networks.
- An offer to implement risk-based authentication strategies for consumer-focused customers with a large, dispersed user base, typically focused on protecting web-based financial transactions.
Although RSA stresses that this is not a new vulnerability or weakness in RSA SecurID, this promise could involve replacing millions of tokens. Though it may cost a lot, the cost to RSA's reputation and business would be even larger if the technology were compromised or the secrets of some of these big companies were lost.
We will continue to invest heavily in both our SecurID and our risk-based authentication technologies. We will provide additional factors for strong authentication. We will integrate these solutions with our cybercrime intelligence to better identify suspicious behavior targeted at networks, transactions and user sessions. We will ensure that these technologies provide trusted access to virtual and cloud computing resources, leveraging our Cloud Trust Authority. And we will help customers more effectively create the kinds of layered defense capabilities essential to combat today’s advanced threats by drawing on our broad portfolio of data loss prevention, security event management, deep packet inspection technologies, and our extensive services expertise.
Two-factor authentication takes advantage of something you know, like a password, and something you have, the RSA token. The problem after this breach is that you might not be the only one who has it.