RSA SecurID data stolen by a “nation state”

RSA SecurID

Last March, infiltrators carried out a quiet cyberattack against RSA, obtaining information about the operation of its SecurID tokens, hardware devices used by corporations, governments, and organizations to establish secure VPN connections with remote employees. RSA admitted the breach in April and began replacing SecurID tokens last June, but now RSA is revealing a bit more about the attack. Speaking at a Q&A session at the RSA Conference in London, RSA chairman Art Coviello said the attack’s methodology revealed that two separate teams were at work, and the company is very confident that the skill and resources required by the attack had to have been supported by a nation.

“We’ve not attributed it to a particular nation state although we’re very confident that with the skill, sophistication and resources involved it could only have been a nation state,” ZDNet UK quotes Coviello as saying.

RSA was apparently the victim of a targeted malware attack via a spreadsheet sent to a small number of employees, carefully worded to get someone to open the attachment. At least one did, and a malicious Adobe Flash object within the spreadsheet exploited a zero-day vulnerability that enabled the attackers to install a remote access Trojan horse. Once that was in place, hackers used the Trojan to explore RSA’s internal network and look for information about how its SecurID tokens operate. And they found it: information gleaned from the attack was subsequently used in an unsuccessful attack against U.S. defense contractor Lockheed Martin.

SecurID tokens are used as an additional layer of security over-and-above standard username-password combinations as a way to secure VPN logins from untrusted networks—like the Internet. When users connect, they’re prompted for an authorization key displayed on the SecurID token issued to them. These numeric keys change at a fixed interval (usually every minute)—the idea is that even if an attacker has a user’s name and password, they’d still need a unique number to access the network—and that number constantly changes. The information stolen in the RSA breach apparently enabled attackers to generate SecurID keys without the physical tokens.

Some industry watchers have expressed skepticism that the attack was carried out by a nation, noting there’s nothing in particular about the attack as subscribed that points to a government-backed operation. Yes, the information gleaned in the attack was used to go after a defense contractor, but the data could easily have been sold or changed hands numerous times after the attack—there’s not necessarily a direct connection between the perpetrators of the breach and the attackers who went after Lockheed Martin.

“It seems very odd to me for a company to say that they have determined that a country had attacked them, but to not then name the country,” wrote Sophos’ Graham Cluley in its Naked Security blog.

RSA has not disclosed how many tokens it replaced in the wake of the breach, but indicated that replacement had been completed by August.

Computing

These are the worst passwords of 2018. Is yours on this list?

Do you use a bad password that makes your online accounts easy to break into? SplashData has compiled a list of the top 100 worst passwords for 2018 and there are quite a few listings that were carryovers from prior lists.
Mobile

5G’s arrival is transforming tech. Here’s everything you need to know to keep up

It has been years in the making, but 5G is finally becoming a reality. While 5G coverage is still extremely limited, expect to see it expand in 2019. Not sure what 5G even is? Here's everything you need to know.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.
Movies & TV

The best shows on Netflix, from 'Haunting of Hill House’ to ‘Twilight Zone’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Computing

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up Speech Recognition in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.
Computing

Windows Update not working after October 2018 patch? Here’s how to fix it

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Computing

Microsoft could split up search and Cortana in the next Windows 10 release

In the latest Insider preview build, Microsoft is exploring ways to split up Cortana and search on Windows 10. If Microsoft moves ahead with this change, we could see separate search and Cortana options in the Spring 2019 Update.
Computing

Mining cryptocurrency for Razer Silver isn’t worth your computing power

Gaming peripheral maker Razer launched a cryptocurrency mining scheme called SoftMiner. You use its software to mine and in return, you get Razer Silver which you can use to buy Razer gear.
Computing

Microsoft’s latest patent paves the way for Andromeda dual-screen mobile device

The latest patent discovery from Microsoft showcases a new hinge design for quickly opening a dual-screen mobile device with a single hand. Could this be additional proof surrounding the rumors of the company's Project Andromeda device?
Computing

Heal your wrist aches and pains with one of these top ergonomic mice

If you have a growing ache in your wrist, it might be worth considering changing up your mouse for something ergonomic. But which is the best ergonomic mouse for you? One of these could be the ticket to the right purchase for you.
Computing

Nvidia’s Jetson AGX Xavier module is designed to give robots better brains

Nvidia's pricey Jetson AGX Xavier might help drive the next generation of smart robots. Nvidia hopes that developers will use its new Xavier module to power AI-driven machines like delivery drones and robots used in manufacturing.
Computing

These Windows 10 keyboard shortcuts will update your OG Windows skills

Windows 10 has many new features, and they come flanked with useful new keyboard shortcuts. Check out some of the new Windows 10 keyboard shortcuts to improve your user experience and save more time!
Computing

Leaked AMD Ryzen 3000 mobile benchmarks look fit for thin, low-power laptops

AMD is poised to give Intel a run for its money in the ultra-low-power processor space for laptops. Leaked benchmarks for the Ryzen 3000 APU series show the AMD processor besting Intel's Core i7 Y series in multicore performance.
Mobile

Apple is spending $1 billion to hire up to 15,000 new employees in Austin

Apple has announced a series of expansions across the U.S. -- including a massive expansion to the company's Austin campus that will see it spending $1 billion to accommodate for up to 15,000 new employees.