Malware campaign uses RSA SecurID as subject matter, as cost of incident suspected to be around £40 million

News by Dan Raywood

New malware campaign exploiting the RSA incident detected as cost of attack rises to estimated £40m

According to a blog post by Troy Gill, a researcher at security firm AppRiver, messages have been seen that pose as communications from RSA stating that an ‘unsafe vulnerability’ has been found in some token devices. The message contains a link to what is claimed to be a security scanner that would detect this vulnerability. However, further inspection found this to be a Zeus variant.

Gill said: “Seemingly the creators of this attack consider the breach of RSA an opportunity to capitalise on perceived and real vulnerabilities that resulted from the hack. Attackers are forever looking for the perfect angle of attack, one that will make you think that the message is legit.

“While I don't expect most individuals to fall for this, there is also a great amount that will, some of whom will mentally make some connection to the RSA breach. This connection may give the messages the air of legitimacy that they need to be opened and clicked through.”

Meanwhile, it was estimated last week that the RSA incident has cost the company $66 million (£40 million). According to EMC's recent financial quarterly report, there was a $66 million charge related to the security breach and the replacement of SecurID tokens.

According to Larry Walsh, CEO and president of The 2112 Group and Channelnomics blogger, until this incident the RSA SecurID was ‘a bedrock technology’, but the company is now offering to replace SecurID tokens free of charge.

“RSA spokesperson Joe Gabriel said that customers who have determined that they don't feel comfortable with their existing risk posture have taken advantage of this program. Gabriel added that not every company needs to replace their SecurID tokens. The system remains relatively secure for many users, depending on their risk exposure,” he said.

“The replacement program costs aren't being passed along to partners. Gabriel noted that RSA partners are in close contact with the company and playing a critical role in the replacement program. However, they are not being asked to share the financial burden of the breach and the replacement program.”

Walsh also speculated that the $66 million figure will not be the final sum, as enterprises need to assess their security posture and implement a replacement program, and he believed that further costs will be added in the third and fourth quarters.

Andy Kemshall, CTO at SecurEnvoy, said: “This is a lot of money and as well as questioning why their IT departments are continuing to use a hardware system that could be compromised once again, client organisations should also be looking at alternative options that can save them money in the shorter, as well as longer term.

“Hardware tokens are clearly a secure method of authenticating a user when accessing an IT system remotely, but if the underlying resource for that security is compromised, the fall-out can be significant.”

