Two weeks ago RSA revealed in an open letter to its customers that its servers were compromised by what it called “an extremely sophisticated cyber attack”. As a result, information relating to RSA’s SecurID two-factor authentication products was extracted from RSA’s systems.
Now Avivah Litan, an analyst at Gartner Research, has revealed that the hackers used the recently disclosed zero-day exploit in Adobe’s Flash.
The hackers started their attack by sending phishing emails to groups of RSA employees. The emails were cheekily titled “2011 Recruitment Plan”. Attached to the email was an Excel spreadsheet that exploited the recently discovered Adobe Flash zero-day flaw CVE-2011-0609. This in turn allowed them to download trojans onto RSA’s system, where they kept hacking until they finally gained privileged access.
Litan does praise RSA’s openness about the attack, but there are questions about RSA’s internal security, especially since the company sells fraud detection systems based on user and account profiling that should spot abnormal behavior and intervene in real time.