If you receive an e-mail carrying the attachment “2011 Recruitment plan.xls”, beware: that e-mail is malware, a phishing lure designed to trick you into opening it so the attacker behind it can burrow into your computer and extract data from you. This is exactly what happened in the attack on RSA Security in early March 2011. The breach allowed the intruders to steal information about the company’s SecurID two-factor authentication products. It also implied that RSA, supposedly the world’s leading security provider for the most complex security challenges, could no longer be regarded as a fortress.
RSA, however, assures its customers that it is already working on resolving their most pressing concerns. So far it has learned that two separate hacker groups attacked its systems. The two groups were not really working together, but both had obtained inside information about RSA’s computer naming conventions, which is why they could blend their activity in with that of legitimate network users. The attackers also knew about RSA’s Active Directory, which is used to manage user authentication on the network, and they appear to be after US defense contractors as well.
As an immediate response, RSA replaced its customers’ SecurID tokens after the breach. Since that alone was not enough, RSA went on to publish how the breach had happened, presumably to warn others about the steps such a phishing attack takes when trying to steal data from its recipients.
Apparently, when the “2011 Recruitment plan.xls” attachment is opened, it triggers a zero-day exploit targeting Adobe Flash, which drops another malicious file onto the computer where the attachment was opened. That second file is a back door: it gives the attackers remote access to the network they have just broken into. The e-mail itself is well crafted, so nobody would readily suspect it of being malware.
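The lure described above works by hiding a Flash object inside a spreadsheet. One cheap defensive check a mail gateway or analyst can run is to look for Flash (SWF) file headers embedded in Office attachments, since a legitimate recruitment spreadsheet has no reason to contain one. The following is an added example written for this page, not code from RSA or from the original post; the sample attachment bytes are constructed here and are not the real 2011 lure, and the version-byte sanity bound of 1 to 64 is an assumption used to reduce false positives.

```python
import re
import struct

# SWF headers: "FWS" (uncompressed), "CWS" (zlib-compressed), "ZWS" (LZMA-compressed).
# These three magic strings are the public Flash file-format header.
SWF_MAGIC = re.compile(rb"[FCZ]WS")
# Legacy binary Office container (.xls/.doc/.ppt) header.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

def find_embedded_swf(blob: bytes) -> list:
    """Return every plausible SWF header found anywhere in blob.

    Each hit records its byte offset, compression type, SWF version and the
    uncompressed length the header declares. A version byte outside 1..64
    (an assumed sanity bound) is treated as a false positive and skipped.
    """
    hits = []
    for m in SWF_MAGIC.finditer(blob):
        off = m.start()
        header = blob[off:off + 8]
        if len(header) < 8:
            continue
        version = header[3]
        if not 1 <= version <= 64:
            continue
        (declared_len,) = struct.unpack_from("<I", header, 4)
        hits.append({
            "offset": off,
            "compression": {b"F": "none", b"C": "zlib", b"Z": "lzma"}[header[:1]],
            "version": version,
            "declared_length": declared_len,
        })
    return hits

def triage_attachment(name: str, blob: bytes) -> dict:
    """Flag a legacy Office attachment that carries an embedded Flash object."""
    is_ole = blob.startswith(OLE2_MAGIC)
    swf = find_embedded_swf(blob)
    office_ext = name.lower().endswith((".xls", ".doc", ".ppt"))
    return {
        "name": name,
        "ole2_container": is_ole,
        "swf_objects": swf,
        "suspicious": office_ext and is_ole and bool(swf),
    }

# Constructed samples (not real malware): an OLE2 header, filler, then either a
# zlib-compressed SWF header (version 10, declared length 0x1000) or plain text.
CONSTRUCTED_LURE = (
    OLE2_MAGIC + b"\x00" * 500
    + b"CWS" + bytes([10]) + struct.pack("<I", 0x1000)
    + b"\x78\x9c" + b"\x00" * 64
)
CONSTRUCTED_BENIGN = OLE2_MAGIC + b"\x00" * 500 + b"Workbook" + b"\x00" * 64

if __name__ == "__main__":
    for fname, data in (("2011 Recruitment plan.xls", CONSTRUCTED_LURE),
                        ("budget.xls", CONSTRUCTED_BENIGN)):
        print(triage_attachment(fname, data))
```

This raw byte scan only catches a SWF that is stored uncompressed inside the container, which is the common case for the binary .xls format; OOXML files (.xlsx) are ZIP archives and must be unpacked before their members are scanned, and an attacker can always obfuscate the embedded object, so treat a clean result as the absence of one indicator rather than proof the file is safe.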
The fact that the breach was sophisticated and, again, appeared aimed at getting into the networks of US defense contractors makes it look as though the attacks may have been backed by a government or nation-state.