Malware campaign uses RSA SecurID as subject matter, as cost of incident suspected to be around £40 million

New malware campaign exploiting the RSA incident detected as cost of attack rises to estimated £40m

According to a blog by Troy Gill, researcher at security firm AppRiver, messages have been seen that pose as coming from RSA and state that an ‘unsafe vulnerability’ has been found in some token devices. The message contains a link to what is claimed to be a security scanner that would detect this vulnerability. However, further inspection found this to be a Zeus variant.

Gill said: “Seemingly the creators of this attack consider the breach of RSA an opportunity to capitalise on perceived and real vulnerabilities that resulted from the hack. Attackers are forever looking for the perfect angle of attack, one that will make you think that the message is legit.

“While I don't expect most individuals to fall for this, there is also a great amount that will, some of whom will mentally make some connection to the RSA breach. This connection may give the messages the air of legitimacy that they need to be opened and clicked through.”

Meanwhile, it was estimated last week that the RSA incident has cost the company $66 million (£40 million). According to EMC's recent financial quarterly report, there was a $66 million charge related to the security breach and the replacement of SecurID tokens.

According to Larry Walsh, CEO and president of The 2112 Group and Channelnomics blogger, until this incident the RSA SecurID was ‘a bedrock technology’, but it is now offering to replace SecurID tokens free of charge.

“RSA spokesperson Joe Gabriel said that customers who have determined that they don't feel comfortable with their existing risk posture have taken advantage of this program. Gabriel added that not every company needs to replace their SecurID tokens. The system remains relatively secure for many users, depending on their risk exposure,” he said.

“The replacement program costs aren't being passed along to partners. Gabriel noted that RSA partners are in close contact with the company and playing a critical role in the replacement program. However, they are not being asked to share the financial burden of the breach and the replacement program.”

Walsh also speculated that the $66 million figure will not be the final sum as enterprises need to assess their security posture and implement a replacement program, and he believed that further costs will be added in the third and fourth quarter.

Andy Kemshall, CTO at SecurEnvoy, said: “This is a lot of money and as well as questioning why their IT departments are continuing to use a hardware system that could be compromised once again, client organisations should also be looking at alternative options that can save them money in the shorter, as well as longer term.

“Hardware tokens are clearly a secure method of authenticating a user when accessing an IT system remotely, but if the underlying resource for that security is compromised, the fall-out can be significant.”
