funsec mailing list archives

Found: the missing link in RSA SecurID hack


From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 26 Aug 2011 23:37:51 -0400

It kind of takes the wind out of the sails of the "Advanced Persistent
Threat" defense....

http://www.pcpro.co.uk/news/security/369556/found-the-missing-link-in-rsa-securid-hack:

Security researchers have finally discovered the back-door file that
allowed hackers to break into RSA and subsequently hack defense
specialists Lockheed-Martin and Northrop-Grumman. The malware has been
the subject of the viral equivalent of a witch-hunt since the attacks,
with security researchers baffled by its identity. It transpires,
however, that the file was lurking in the security industry’s common
database all along.

According to security firm F-Secure, the quest to identify the file
that allowed access ended right beneath researchers' noses. “We knew
that the attack was launched with a targeted email to EMC employees
(EMC owns RSA), and that the email contained an attachment called 2011
Recruitment plan.xls,” said the company’s chief research officer Mikko
Hypponen on the company blog.
...

According to F-Secure, the infection relied on classic
social-engineering trickery to target individual users within the
company. “It was an email that was spoofed to look like it was coming
from recruiting website Beyond.com,” Hypponen said. “It had the
subject ‘2011 Recruitment plan’ and one line of content: ‘I forward
this file to you for review. Please open and view it.’ The message was
sent to one EMC employee and cc'd to three others.”
...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

