New SecurID Breach Details

RSA employee Uri Rivner shares new details on the SecurID breach in an April 1st blog post. What was initially described as an “extremely sophisticated attack” of the “Advanced Persistent Threat” variety turns out to have been a simple spear-phishing campaign with a malicious Excel attachment containing a 0-day Adobe Flash exploit (perhaps this is what RSA means by “extremely sophisticated”). Once the attacker established a foothold inside the network, it was apparently a simple matter to find a way to the crown jewels. The attack was reportedly detected in progress, although this did not prevent the stolen data from making its way to an unknown destination on the Internet via FTP. RSA is not doing itself any favors by continuing to withhold the details of what was stolen, and putting a ridiculous corporate spin on what was essentially a simple, run-of-the-mill phishing attack.