Security News

RSA announces attack on SecurID systems

 

CRITICAL ACTIONS FOR SECURID INSTALLATIONS
RSA, the security division of EMC, has just announced that a recent attack on RSA’s systems has resulted in certain information being extracted from RSA’s systems that relates to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. RSA urges immediate action.

Description:
Recently EMC’s security systems identified an extremely sophisticated cyber attack in progress, targeting the RSA business unit. EMC took a variety of aggressive measures against the threat to protect their business and their customers, including further hardening of IT infrastructure. They also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.

The investigation has revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is related to RSA’s SecurID two-factor authentication products. While at this time EMC are confident that the information extracted does not enable a successful direct attack on any RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.
We strongly urge immediate customer attention to this advisory, and are providing immediate remediation steps for customers to take to strengthen their RSA SecurID implementations.

Affected Products:
The affected products are RSA SecurID implementations.

Overall Recommendations:
First, please be advised to follow all RSA-provided Best Practices and Recommendations for your environments. These can be found below. The best practices to focus on are:

RSA SecurID® Authenticators
RSA Authentication Agents
• RSA SecurID Software Token
RSA® Authentication Manager
• RSA Authentication Manager 6.1
• RSA Authentication Manager 7.1 
RSA SecurID Authentication Engine

RSA also strongly urges customers to follow both these overall recommendations and the recommendations available in the best practices guides linked above.

• We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
• We recommend customers enforce strong password and PIN policies.
• We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
• We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
• We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
• We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
• We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
• We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
• We recommend customers update their security products and the operating systems hosting them with the latest patches.

If you have reviewed the FAQ and Best Practices and have further questions, EMC Support is available 24x7 to answer them. EMC Support may be contacted at:
+1-508-497-7901; Option #5 [RSA]; Option #1 [Security Bulletin].

Secondly, it is recommended to all RSA customers that they proactively issue internal communication to their inbound call centres or other teams who interface with their own end users who receive tokens. We advise a message to internal resources along the following lines:

“We have been informed by RSA, the provider of our security tokens, of a sophisticated cyber attack against their organization. RSA has alerted us that they are confident nothing was lost which would enable a successful direct attack on any of our customers. We will continue to work with RSA to closely monitor and address the situation; in the meantime we recommend end users be advised to not ignore basic security practices – avoid suspicious emails, and always avoid giving out passwords and credentials to anyone without verification of that person’s identity.”

Loop Technology's first priority is to ensure your security. We will continue to keep you updated regarding this RSA issue and any developments.