RSA offers token replacement after Lockheed attacks

SecurID token replacement has been reserved for customers "focused on protecting intellectual property and corporate networks."

Threat

RSA has offered to replace certain users' SecurID tokens following significant attacks on the security firm in March.

The company also admitted yesterday the SecurID data taken during the breaches had been used in an attack on US defence supplier Lockheed Martin.

"On Thursday 2 June 2011, we were able to confirm that information taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin, a major US government defence contractor," said Art Coviello, executive chairman of RSA, in an open letter.

Advertisement - Article continues below

"We recognise that the increasing frequency and sophistication of cyber attacks generally, and the recent announcements by Lockheed Martin, may reduce some customers' overall risk tolerance."

RSA offered token replacement to those customers "with concentrated user bases typically focused on protecting intellectual property and corporate networks."

"We will continue to work with all customers to assess their unique risk profiles and user populations and help them understand which options may be most effective and least disruptive to their business and their users," Coviello said.

For anyone who thought tokens might be on their way out as a two-factor authentication mechanism, RSA appeared to disagree.

"We will continue to invest heavily in both our SecurID and our risk-based authentication technologies," Coviello added.

Advertisement
Advertisement - Article continues below

"We believe that SecurID is the most powerful multi-factor authentication solution in the industry."

Lockheed lament

RSA's confirmation of the information used in the attempt on Lockheed came after much speculation duplicates of the SecurID tokens were used in the attack.

Advertisement - Article continues below

Rick Moy, president and chief executive (CEO) of NSS Labs, claimed Lockheed had long enough to change its tokens following the strike on RSA.

"Lockheed had slightly over two months from the time that EMC notified them and other RSA SecurID customers about their breach," Moy said in a blog post.

"Based upon their remediation actions for this breach, Lockheed Martin's senior executives chose to do very little about the compromised SecurID token technology in spite of many warnings issued by security specialists about the potential aftereffects of the RSA attack."

At the time of publication, Lockheed had not offered IT PRO a response to Moy's criticisms.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020
BlackRock banking Trojan targets Android apps
trojans

BlackRock banking Trojan targets Android apps

27 Jul 2020
Election officials are vulnerable to phishing attacks, report warns
phishing

Election officials are vulnerable to phishing attacks, report warns

27 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020