Wednesday, February 29, 2012

IronKey Rolls Out Protection for Banks and Customers from RSA SecurID Data Breach


Wireless News
03-24-2011
Type: News

RSA Executive Chairman Art Coviello made a public announcement that cyber criminals had penetrated internal systems at RSA, the security division of EMC, and the resulting data breach could compromise the authentication capabilities of their SecurID authentication tokens.

SecurID tokens are used by tens of millions of users to securely log into online banking and enterprise networks over the Internet.
IronKey announced that their Trusted Access for Banking product is immediately available to allow banks to protect their commercial banking customers from the risk of compromised RSA SecurID authentication tokens.

"Criminals used an Advanced Persistent Threat (APT) attack to breach the RSA SecurID infrastructure, and can now combine that information with data-stealing malware in order to compromise high value online banking sites," said Dave Jevans, IronKey's founder and chairman. "IronKey is already working with banks impacted by the RSA SecurID data breach in order to protect their customers. Banks that are using IronKey Trusted Access for Banking in combination with RSA SecurID can be reassured that their online banking users are kept safe from criminals involved in this massive breach."

While law enforcement continues to investigate the breach at RSA, the incident threatens the integrity of bank payment services, enterprise remote access and government systems. It is the focus of ongoing efforts by the U.S. Treasury, FS-ISAC, and other industry bodies tasked with securing global financial services. The most likely scenario proposed by industry experts is that the secret codes, also known as seeds, used to generate one-time passcodes have been compromised or stolen, potentially allowing RSA SecurID authentication to be performed without a genuine token.

Criminals will likely turn to crimeware such as ZeuS and SpyEye to infect the computers of online banking users. These toolkits allow rapid development and distribution of Trojans that can match users to SecurID tokens and capture the additional information needed to successfully take over online accounts and steal money. Additional data required by criminals include sample one-time passcodes generated by an RSA SecurID device or software token, authentication PINs, and private challenge answers known only to users.

Crimeware toolkit attacks likely to be used include:

- Man-in-browser attack: By modifying browser executables and shared libraries, criminals can present users with fake web pages and requests for information such as one-time passcodes and private challenge answers

- Keylogging: Capture of keystrokes including one-time passcodes, authentication PINs, and other personally identifiable information

- Network monitoring: Listening for user access to specific online banking sites to activate attacks and filter for only relevant banking information

- DNS tampering: Modification of computer network settings to redirect users to realistic but fake banking sites used to capture credentials

Aware of the potential for compromise to online banking accounts requiring RSA SecurID authentication, RSA has recommended customers strengthen the security of SecurID deployments. These suggestions include using strong passwords/PINs in combination with one-time passcodes, closely monitoring user databases that could link users with tokens, and reiterating anti-fraud education. While these are best-practice security recommendations, these methods have been, and can again be, compromised using the malware toolkits and attacks described earlier.

IronKey Trusted Access for Banking allows banks to continue using their existing SecurID deployments and banking applications without enabling criminals to make use of the stolen RSA data. IronKey designed Trusted Access for Banking to isolate online banking users from APT attacks using toolkits such as ZeuS and SpyEye rather than trying to detect them.

In addition to immediately strengthening an RSA SecurID deployment, Trusted Access also allows banks to address current and draft industry guidelines. Trusted Access allows banks to provide a dedicated online banking experience as recommended by NACHA and the FBI.(1) As well, draft FFIEC guidance that updates 2005 online banking authentication guidelines recognizes that a USB device that securely connects users to online banking is a relevant multi-layer security control to prevent fraud.

IronKey Trusted Access for Banking is available immediately worldwide. With Trusted Access for Banking, users simply connect their Trusted Access USB device to their computer to automatically launch a protected, virtualized online banking environment. The Trusted Access Browser starts at the bank's home page and restricts users to only navigate to bank-authorized web sites. To protect users from ever-changing malware, Trusted Access for Banking does not rely on potentially compromised and vulnerable applications on the user's host computer. Instead, a secure, encrypted connection to online banking is made through the IronKey Trusted Network to lock out man-in-the-middle and DNS attacks. Advanced encrypted keyboard input protects users from keyloggers that can steal user names and passwords.

((Comments on this story may be sent to newsdesk@closeupmedia.com))

Copyright 2011 Close-Up Media, Inc. All Rights Reserved.