At the time of the data breach, RSA executive chairman Art Coviello assured customers that “we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers.” The SecureID token enables remote access for employees to secure networks by generating, every few seconds, a different random number string used to log into the network.
Admitting that his earlier statement was not wholly accurate, Coviello said Monday that the recent cyberattack on Lockheed Martin was a result of information taken from RSA in March.
“It is important for customers to understand that the attack on Lockheed Martin does not reflect a new threat or vulnerability in RSA SecurID technology. Indeed, the fact that the only confirmed use to date of the extracted RSA product information involved a major U.S. defense contractor only reinforces our view on the motive of this attacker”, Coviello stressed.
The RSA head said his company would replace SecureID tokens for customers “with concentrated user bases typically focused on protecting intellectual property and corporate networks” and would implement “risk-based authentication strategies” for customers with a large, dispersed user base, such as financial institutions.
“We will continue to work with all customers to assess their unique risk profiles and user populations and help them understand which options may be most effective and least disruptive to their business and their users”, Coviello added.
When the RSA breach first occurred, a security expert consulted by Infosecurity expressed concern that the hackers had gained access to the SecureID seed record database. By issuing new tokens, RSA would be able to use new seed numbers unknown to the hackers.