Ever since security giant RSA was hacked last March, anti-virus researchers have been trying to get a copy of the malware used for the attack to study its method of infection. But RSA wasn’t cooperating, nor were the third-party forensic experts the company hired to investigate the breach.
This week Finnish security company F-Secure discovered that the file had been under their noses all along. Someone — the company assumes it was an employee of RSA or its parent firm, EMC — had uploaded the malware to an online virus scanning site back on March 19, a little over two weeks after RSA is believed to have been breached on March 3. The online scanner, VirusTotal, shares malware samples it receives with security vendors and malware researchers.
RSA had already revealed that it had been breached after attackers sent two different targeted phishing e-mails to four workers at its parent company EMC. The e-mails contained a malicious attachment that was identified in the subject line as “2011 Recruitment plan.xls.”
Despite all the sophisticated management information systems that have been deployed in organisations, tools like email and spreadsheets remain the lowest-common-denominator work tools for knowledge workers, particularly between organisations. Together, I look at these tools as the original social software, and the hackers knew that the odds of getting a hit were in their favour because humans are fallible.
I have no idea how much the RSA SecurID hack has cost government and industry, but I imagine it was significant. But imagine if next-generation social collaboration tools were the norm, with social objects shared through humanised systems – could this hack have been avoided? Would those users have paused to consider who was sending them information, before they opened the file?
I mean, we don’t even have a ROI figure for email and spreadsheets – they are clearly risky technologies that should be banned until we know for certain…