Sawyers & Jacobs LLC
March 21, 2011
RSA Security Breach

As reported late last week, EMC Corp.'s RSA Security experienced a severe security breach that could affect its financial institution clients, which number in the thousands.

Many financial institutions use RSA's security tokens for online banking access and to securely access other systems.  RSA reports that the breach is "a serious and far reaching threat."

RSA posted an open letter to its customers on its website Thursday.  The letter noted that the attack extracted certain information from RSA systems.  "Some of that information is specifically related to RSA's SecurID two-factor authentication products," the letter stated.

Many financial institutions began using RSA tokens because of the 2005 FFIEC mandate for two-factor authentication and to mitigate the risk associated with corporate customers originating ACH credits via online banking.  Much as the Zeus Trojan was used to steal users' online credentials, the potential exists that tokens could be compromised and used to establish what appear to be legitimate online banking sessions but are actually the hacker initiating fraudulent ACH or wire transactions.

No system or device is hack-proof, but this is certainly bad news for users of physical tokens, as the tokens have been more successful in preventing attacks than some software-based authentication measures.

What should be done to combat this new threat?

Continue plans to implement a multi-layered approach to online banking security, including traditional controls and technology. 

-  Apply additional controls and security measures to high-dollar, high-risk transactions. 

-  Activate ACH filtering and blocking to protect against unauthorized transactions. 

-  Encourage customers to increase their internal security measures in the form of anti-malware, firewalls, intrusion prevention systems, patch management, and proper browser security, to name a few measures. 

-  Offer transaction alerts via the online banking system.

-  Review your online cash management customer agreements.

-  Contact your online banking system provider for guidance.

-  Continue to monitor the RSA investigation to determine how it impacts your organization and your customers.

-  Implement a strong Security Awareness program.

-  Ensure that this issue is covered in your annual, full-scope IT Audit and Network Vulnerability Assessment.

We will explore this security breach and other Advanced Persistent Threats (APTs) in additional detail at Bank Tech University later this week, and we will issue additional alerts should the situation warrant.

Sawyers & Jacobs LLC
1085 Halle Park Circle, Suite 101
Collierville, Tennessee  38017 
(901) 487-2575 Phone
(866) 488-4933 Fax