The statement, posted on the company's blog by RSA's CEO himself, Arthur W. Coviello, is an open letter to all its customers announcing the discovery of the attack, which it describes as a full-fledged APT (Advanced Persistent Threat), a term that has become fashionable, especially since last year's events around the Google hack. The term covers sophisticated attacks, almost always relying on 0-days, whose main objective is the theft of information.
We have no further details of the attack; Coviello has already announced that the case is in the hands of the Government, and we are sure that over the next few days we will learn more and more... or so we hope, at least.
What could have happened? Was it a social engineering attack again, as with everything around HBGary and Rootkit.com? Did they compromise an employee whose computer was full of juicy information, or who had access to the internal network? We're not sure, but I personally vote for a chain of events which, as long as RSA doesn't report the timeline, could fit. Here's a theory that might add up:
1) In February of this year, the RSA Conference took place, a highly prestigious security conference organized by RSA. Obviously, at least a few employees of the company must have been at that conference.
2) "Perhaps" some of these employees did not have their laptops properly configured and secured, or left them somewhere for a moment, exposed to a physical attack. Or "maybe" one of the booths the company itself ran had systems that would later be plugged into its network.
3) Someone could have planted a gift, some malware, on one of these systems; perhaps during one of the many parties that were held, someone seized the moment and compromised one of the systems.
4) The RSA Conference ended, everything went back to its normal routine, and on returning home the attack took effect, leaving the door open for the bad guys to enjoy such a juicy network from their own homes.
It could be, couldn't it? To dismantle this theory, we would only need to know when such an attack could have occurred, or whether there are signs of some kind of infection on any employee's machine.
We will eagerly await more information about the attack and, above all, its real scope and what it could mean for its products.
Source: Security by Default

