Case Study: Assessing the RSA Cyber Attack In March of 2011, EMC Corp’s RSA unit
Question
Case Study: Assessing the RSA Cyber Attack In March of 2011, EMC Corp’s RSA unit disclosed that it had been the victim of a successful cyber-attack. The criminals targeted proprietary RSA SecurID Token information that could be used to breach the network security of defense contractors following questions:
1. How did the criminals get access to the RSA network?
2. Why was the attack successful? What controls were missing that may have prevented or detected the attack?
3. How was defense contractor Lockheed Martin impacted?
4. How much did the breach cost RSA? What are the estimated costs to RSA customers?
Explanation / Answer
1. The attacker sent “phishing” e-mails with the subject line “2011 Recruitment Plan” to two small groups of employees over the course of two days. Unfortunately, one was interested enough to retrieve one of these messages from his or her junk mail and open the attached Excel file. The spreadsheet contained malware that used a previously unknown, or “zero-day,” flaw in Adobe’s Flash software to install a backdoor.
After installing a stealthy tool that allowed the hacker to control the machine from afar, he stole several account passwords belonging to the employee and used them to gain entry into other systems, where he could gain access to other employees with access to sensitive data.
Then came stage three: spiriting RSA files out of the company to a hacked machine at a hosting provider, and then on to the hacker himself.
2. Hackers had stolen information that could be used to reduce the effectiveness of SecurID devices in keeping intruders from accessing corporate networks.
3. Lockheed Martin on June 4 disclosed the links between the attacks on its network and RSA. RSA on Monday offered to replace the 30 million to 40 million SecurID tokens in use by its customers.
The attack on Lockheed's network was the only confirmed use of extracted SecurID product information to date, Coviello wrote in the letter. However, other defense contractors, such as L-3, reportedly have been hit by attackers armed with the stolen data.
4. EMC spent the $66 million on transaction monitoring for its corporate customers who worried that their RSA security tokens — long considered the gold-standard for protecting sensitive data — had been compromised in the attack. EMC also offered replacements to any company that requested them.