funsec mailing list archives
Found: the missing link in RSA SecurID hack
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 26 Aug 2011 23:37:51 -0400
It kind of takes the wind out of the sails of the "Advanced Persistent Threat" defense....

http://www.pcpro.co.uk/news/security/369556/found-the-missing-link-in-rsa-securid-hack:

Security researchers have finally discovered the back-door file that allowed hackers to break into RSA and subsequently hack defense specialists Lockheed-Martin and Northrop-Grumman.

The malware has been the subject of the viral equivalent of a witch-hunt since the attacks, with security researchers baffled by its identity. It transpires, however, that the file was lurking in the security industry’s common database all along.

According to security firm F-Secure, the quest to identify the file that allowed access ended right beneath researchers' noses.

“We knew that the attack was launched with a targeted email to EMC employees (EMC owns RSA), and that the email contained an attachment called 2011 Recruitment plan.xls,” said the company’s chief research officer Mikko Hypponen on the company blog.

...

According to F-Secure, the infection relied on classic social-engineering trickery to target individual users within the company.

“It was an email that was spoofed to look like it was coming from recruiting website Beyond.com,” Hypponen said. “It had the subject ‘2011 Recruitment plan’ and one line of content: ‘I forward this file to you for review. Please open and view it.’ The message was sent to one EMC employee and cc'd to three others.”

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.