RSA Reveals and Explains Data-Hack against It
RSA, the security division of EMC, has disclosed that the data breach it suffered in mid-March 2011 resulted from a spear-phishing attack in which the attackers exploited a vulnerability in Adobe Flash that had not yet been patched. Computerweekly.com reported this on April 4, 2011.
According to Gartner analyst Avivah Litan, the attackers sent phishing e-mails targeting low-level end-users of RSA, who received the messages in their spam folders. According to Litan, those low-profile end-users were RSA employees. Eweek.com reported this on April 4, 2011.
Furthermore, Litan said that the phishers' e-mail carried "2011 Recruitment Plan" as its header.
Although the e-mail landed directly in the spam folder, one RSA employee was intrigued by it, restored the message and opened its attachment. The attached file dropped a RAT (remote access tool) named "Poison Ivy" via an unpatched vulnerability in Adobe Flash. The Poison Ivy remote access tool was from the family of GhostNet RATs, which attackers employed against the Tibetan Government in Exile during 2009, said Uri Rivner, Head of New Technologies at RSA. ITnews published this on April 4, 2011.
Once the attached Excel file was opened, the spreadsheet exploited a zero-day flaw recently discovered in Adobe Flash. Adobe disclosed the flaw on March 14, 2011 and issued a patch on March 21, 2011, just too late to prevent the first exploitation.
Once the Trojan was installed, it enabled the attackers to harvest credentials and to climb the RSA food chain through the personal accounts of both IT and non-IT employees. This continued until the attackers gained access to the targeted computers, stated Litan. They then stole the data on the targeted computers and transmitted it to another hijacked PC. As soon as RSA saw the attack, it stopped it, preventing further damage.
Meanwhile, according to Jon Oltsik, principal analyst at the Enterprise Strategy Group, RSA was not sure of the date and time the phishing messages were sent or of how long the attack had been in operation, and speculated that it possibly spanned several months. Eweek.com reported this.
» SPAMfighter News - 13-04-2011