RSA offers token replacement after Lockheed attacks

SecurID token replacement has been reserved for customers "focused on protecting intellectual property and corporate networks."

Threat

RSA has offered to replace certain users' SecurID tokens following significant attacks on the security firm in March.

The company also admitted yesterday the SecurID data taken during the breaches had been used in an attack on US defence supplier Lockheed Martin.

"On Thursday 2 June 2011, we were able to confirm that information taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin, a major US government defence contractor," said Art Coviello, executive chairman of RSA, in an open letter.

"We recognise that the increasing frequency and sophistication of cyber attacks generally, and the recent announcements by Lockheed Martin, may reduce some customers' overall risk tolerance."

RSA offered token replacement to those customers "with concentrated user bases typically focused on protecting intellectual property and corporate networks."

"We will continue to work with all customers to assess their unique risk profiles and user populations and help them understand which options may be most effective and least disruptive to their business and their users," Coviello said.

For anyone who thought tokens might be on their way out as a two-factor authentication mechanism, RSA appeared to disagree.

"We will continue to invest heavily in both our SecurID and our risk-based authentication technologies," Coviello added.

"We believe that SecurID is the most powerful multi-factor authentication solution in the industry."

Lockheed lament

RSA's confirmation of the information used in the attempt on Lockheed came after much speculation duplicates of the SecurID tokens were used in the attack.

Rick Moy, president and chief executive (CEO) of NSS Labs, claimed Lockheed had long enough to change its tokens following the strike on RSA.

"Lockheed had slightly over two months from the time that EMC notified them and other RSA SecurID customers about their breach," Moy said in a blog post.

"Based upon their remediation actions for this breach, Lockheed Martin's senior executives chose to do very little about the compromised SecurID token technology in spite of many warnings issued by security specialists about the potential aftereffects of the RSA attack."

At the time of publication, Lockheed had not offered IT PRO a response to Moy's criticisms.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
Virtual Cable offers VPN-free remote desktop access
virtual desktop

Virtual Cable offers VPN-free remote desktop access

21 Apr 2021
Lenovo and Nutanix introduce hosted desktop as a service solution
virtual desktop

Lenovo and Nutanix introduce hosted desktop as a service solution

20 Apr 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Jack Dorsey resigns as Twitter CEO
business management

Jack Dorsey resigns as Twitter CEO

29 Nov 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

12 Nov 2021