The Security Detail

Apr 4 2011   8:55PM GMT

RSA’s Achilles Heel Was…Adobe Flash

Tony Bradley Tony Bradley Profile: Tony Bradley

When RSA announced that it had discovered a network infiltration that allowed attackers to gain access to crucial information that could lead to the compromise of SecurID two-factor authentication tokens, it dubbed the attack “extremely sophisticated.” In the wake of the discovery, the speculation was that the attack was an APT (advanced persistent threat). New information, though, suggests that RSA was simply the victim of a common phishing attack exploiting a zero-day flaw in Adobe Flash.

Adobe issued a security advisory on March 14 warning users that a vulnerability had been discovered in Adobe Flash, as well as the authplay.dll function included in Adobe Reader and Adobe Acrobat. The flaw was being exploited in limited attacks which included a malicious Flash (SWF) file embedded within a Microsoft Excel (XLS) file attachment. Apparently, someone within RSA received that email attachment, opened the Excel file, and clicked on the Flash file–compromising his PC and giving the attackers complete access to the system.

Adobe released an update for Flash, Acrobat, and Reader (except for Reader X for Windows because the sandbox security already mitigates the threat) about a week after announcing the zero-day threat. I don’t know if RSA has implemented those updates yet, but hopefully it has.

The lesson here is that even if you are RSA–a company virtually synonymous with security, the namesake of the biggest security conference of the year, provider of two-factor authentication solutions relied on to protect systems and data around the globe–one well-timed social engineering attack, and a little human error is all it takes for an attacker to get inside and gain access to sensitive information.

The bonus lesson is that it is bad PR to call an attack “extremely sophisticated”, and then have to face the embarrassment when it is discovered that it was just an average, ordinary phishing attack–especially for a security company.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: