In one of the most high profile attacks on a major security company, computer giant EMC said in government filings that its security division, RSA, had seen "certain information" in its SecurID system compromised.
RSA's a SecurID system is used by some 40 million users at tens of thousands of companies and government agencies. While the attack did not directly steal user information, some worry this is part of a trend whereby attackers target security providers with custom-crafted attacks in order to get to the user accounts that will provide access to proprietary information.
"This shift from broad generic to custom-crafted specific attacks is by far the largest change we've seen affecting companies and government agencies," says Alan Paller, director of research for the Sans Institute, a computer security education organization in Bethesda, Md.
So, how did the attacker get a toehold on RSA's system?
"The attacker in this case sent two different phishing e-mails over a two-day period," Uri Rivner of RSA wrote in a blog post Friday. "The two e-mails were sent to two small groups of employees; you wouldn't consider these users particularly high profile or high value targets. The email subject line read "2011 Recruitment Plan."
The well-crafted e-mail tricked employees to open an attached Excel spreadsheet file titled "2011 Recruitment plan.xls" using a "zero-day" (never before seen) attack software to install a backdoor entry onto the computer, he wrote.
"It’s a little similar to stealth air fighters," Mr. Rivner wrote of the attack method. "For decades you’ve based your air defense on radar technology, but now you have those sneaky stealth fighters built with odd angles and strange composite materials."
