The notorious hack which hit RSA last month, when data on one of the security firm's token products was stolen, used a known flaw in Adobe Flash.
Low-level employees were targeted by two different phishing emails over a two-day period, the company revealed on a blog over the weekend.
The messages came attached with an Excel document entitled 2011 Recruitment plan.xls,' and contained a zero-day exploit which took advantage of a now-patched Adobe Flash vulnerability.
The hackers then moved to install a remote administration tool, before gaining access privileges for the targeted SecurID data and files.
The files were stolen and sent to an external machine at a hosting provider.
"In our case the weapon of choice was a Poison Ivy variant set in a reverse-connect mode that makes it more difficult to detect, as the PC reaches out to the command and control rather than the other way around," said Uri Rivner, head of new technologies for consumer identity protection at RSA.
Rivner stressed RSA was quick to detect the Advanced Persistent Threat (APT) something other companies have not been able to do.
"I've been talking to many CISOs in corporations that were hit by similar APTs and a lot of companies either detected the attacks after months, or didn't detect them at all and learned about it from the Government," Rivner said.
"This is not a trivial point: by detecting what is happening early on, RSA was able to respond quickly and engage in immediate countermeasures."
RSA was also keen to defend the way it handled the attack after it hit.
"[RSA] secured their internal systems, and provided customers with specific recommendations designed to ensure their systems were secured as well," said Mischel Kwon, a former president of the United States Computer Emergency Readiness Team (US-CERT), in a blog post on the RSA website.
"Understanding the level of information RSA gave their customers, you understand how RSA deliberately and carefully released the right amount of information to protect the customer, but did not release information that would create unintended risk. This was a difficult balance."
Kwon, who was once vice president of public sector security for RSA, but now owns her own consulting firm, criticised a number of security pros for giving "very uninformed opinions" to the press.
"Understanding who is involved and who is not is critical. RSA was very deliberate and responsible in getting the correct mitigation strategy to those who would need itthe customers," she added.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate securityOrganizations are grappling with the complications of adopting AI for security
-
RSAC Conference 2025 was a sobering reminder of the challenges facing cybersecurity professionalsAnalysis Despite widespread optimism on how AI can help those in cybersecurity, it’s clear that the threat landscape is more complex than ever
-
RSAC Conference day three: using AI to do more with less and facing new attack techniques
-
"There needs to be an order of magnitude more effort": AI security experts call for focused evaluation of frontier models and agentic systemsNews Evaluating the risks of dynamic, evolving AI networks is slow work for cybersecurity analysts
-
Cyber defenders need to remember their adversaries are human, says Trellix research headThere's a growing overlap between nation-state actors and cybercriminals, but these attackers are real people who make mistakes
-
RSAC Conference day two: A focus on new hacking tacticsFrom quantum to AI, experts discussed how new and experimental technologies could be used by hackers to access and decrypt sensitive data
-
RSAC Conference Day One: Vibe Is 'All In' on AI for SecurityNews Artificial intelligence took center stage as RSAC Conference looks at how the discussion has moved from generative AI to agentic AI
