Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

RSA’s “Trial by Fire” Caused by Two State-Sponsored Groups

Speaking in London during the RSA Conference Europe, RSA’s executive chairman, Art Coviello, and president, Thomas Heiser, addressed the breach that rocked the security world, and left egg on the company’s face.

Speaking in London during the RSA Conference Europe, RSA’s executive chairman, Art Coviello, and president, Thomas Heiser, addressed the breach that rocked the security world, and left egg on the company’s face.

Calling it a trial by fire, Heiser addressed the reaction to RSA’s PR nightmare with another apology.

RSA Europe 2011“Many stakeholders felt we could have done more and we should have done more, sooner, and to those customers we inconvenienced, we truly apologize.”

Heiser said that the attack did not undermine the integrity of RSA’s entire system. This while reiterating that the attackers knew what they were looking for, were persistent, and coordinated.

“Two groups were involved in the attack. Both are known to authorities, but they have never worked together before” he commented during a keynote address.

Coviello added a little more detail to that statement, while leaving the door open to speculation.

“There were two individual groups from one nation state, one supporting the other. One was very visible and one less so… We’ve not attributed it to a particular nation state although we’re very confident that with the skill, sophistication, and resources involved it could only have been a nation state.”

The Department of Homeland Security and the FBI are still investigating the case, and RSA has avoided reporting additional information due to this fact. However, the attackers did leave information behind, presenting a stable starting point. After the breach, recently acquired technology from NetWitness helped with the investigation and remediation.

“The existing perimeter is not enough, which is why we bought NetWitness. The NetWitness technology allowed us to determine damage and carry out remediation very quickly,” Coviello commented.

On the point that the attack on RSA led to other breaches, including those against U.S. military contractors, Heiser noted that the media got it wrong in some cases, establishing that only one contractor had actually been hit. Heiser did not name the defense contractor, but Lockheed Martin reported a breach back in May, noting that RSA SecurID tokens would be replaced.

For the most part, while the keynote session and Q&A were insightful, RSA refused to offer additional details on the attack. It doesn’t want the groups behind the breach to have any idea what the company knows about them. Plus, the incident is still under investigation.

Related Reading: Three Lessons from the RSA Hack, from a Customer’s Perspective

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.