SlideShare uma empresa Scribd logo

A 2011-04-02-01 two-factor authentication compromise-final

Hai Nguyen
Hai Nguyen
TecnologiaNegócios
1 de 3
Baixar para ler offline
Industry Advisory Two-Factor Authentication Compromise Initial Distribution: April 4, 2011 Increased Threats to Authentication Services Why am I receiving this? >> About NERC Alerts >> Status: No Reporting is Required – For Information Only Public: No restrictions. Will be posted to NERC’s website alert page. More on handling >> Instructions: NERC Advisories are designed to improve reliability by disseminating critical reliability information and are made available pursuant to Rule 810 of NERC’s Rules of Procedure, for such use as your organization deems appropriate. No particular response is necessary. This NERC Advisory is not the same as a reliability standard, and your organization will not be subject to penalties for a failure to implement this Advisory. Additionally, issuance of this Advisory does not lower or otherwise alter the requirements of any approved Reliability Standard, or excuse the prior failure to follow the practices discussed in the Advisory if such failure constitutes a violation of a Reliability Standard. Distribution: Initial Distribution: Primary Compliance Contacts Reliability Coordinator, Transmission Owner, Transmission Operator, Balancing Authority, Generation Owner, Generation Operator, Distribution Provider. Who else will get this alert? >> What are my responsibilities? >> Primary Interest Groups: Cyber Security – Control Systems, Cyber Security – Corporate IT, System Administrators, EMS Administrators, GMS Administrators, RSA Administrators Advisory: NERC has confirmed with RSA the recent cyber attack on SecurID two-factor authentication products. This attack may affect the security of the two-factor authentication tokens from RSA used by industry to allow remote access to entity devices and systems. Although the extent of the cyber attack on RSA is unknown, enough information may have been obtained by the attacker to allow a less sophisticated attack such as social engineering to succeed. The concern now is focused on information systems administration and user education steps that should be taken to help detect or prevent potential attackers from acquiring additional information from users. NERC is encouraging entities to implement the mitigation strategies outlined in Attachment 1 of this Advisory. This attachment contains specific information and suggested actions for mitigation in accordance with standard
detection, prevention, and recovery phases of an effective incident response and cybersecurity program. NERC is further encouraging entities to carefully review the Early Warning and Indicator Notice (EWIN)-11-077-01A Update that is attached to the Alert and take appropriate actions as described in Attachment 1. Since RSA has confirmed that specific information related to SecurID two- factor authentication products was compromised with the extent of the compromise unknown, the ES-ISAC estimates the potential risk to bulk power system reliability from this attack is MEDIUM. Attached: Attachment 1 – Mitigation Measures for Two Factor Authentication Compromise Attachment 2 – Early Warning and Indicator Notice (EWIN)-11-077-01A UPDATE Background: On March 17, 2011, RSA announced that a cyber attack on its systems was successful and resulted in the compromise and disclosure of information “specifically related to RSA's SecurID two-factor authentication products.” While the full extent of the breach remains unconfirmed, RSA states that “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” Enough information may have been obtained by the attacker to facilitate successful spearphishing or social engineering attacks. Attachment 1 provides specific actions for consideration by IT administrators and end user communities. Possible attack vectors include: 1. RSA Seed Record Compromise – A seed record is a shared secret between a hardware authenticator (e.g. token) and the authentication server. These seed records are commonly, but not always, used in combination with a user generated Personal Identification Number (PIN). Compromise of the seed code could potentially allow duplicate token values to be generated without possession of the token requiring only the guessing of the Users PIN, if a PIN had been used, to achieve full compromise and potential subsequent access. 2. Social engineering – Social engineering attacks trick users into performing an act that provides the attacker with confidential information. Depending on the nature of the information that was compromised from RSA, social engineering could be used to obtain the missing information necessary for the adversary to guess a Users PIN or might even trick the User into giving their PIN directly to the attacker. Although an old technique, social engineering attacks are still effective and end user training is critical for reminding users to be wary of such attacks and to report suspicious events.
Contact: Steve Applegate Cyber Security Threat and Vulnerability Program Manager North American Electric Reliability Corporation (NERC) 1120 G Street NW, Suite 990 Washington, DC 20005 Telephone: (202) 503-7192 Fax: (202) 393-3955 Steven.Applegate@nerc.net To report any incidents related to this Advisory, contact: ES-ISAC 24-hour hotline 609.452.1422 esisac@nerc.com A-2011-04-04-01 You have received this message because you are listed as the designated contact for your organization on the North American Electric Reliability Corporation’s compliance registry. If believe you have received this message in error, please notify the sender immediately and delete or otherwise dispose of all occurrences or references to this email. If you have questions about your membership in this list, please contact Chris Lada at NERC by calling 609.452.8060 or emailing Chris directly at: chris.lada@nerc.net. North American Electric Reliability Corporation 116-390 Village Blvd. Princeton, NJ 08540 609.452.8060 | www.nerc.com

Recomendados

Assobiotec Bio Pharma Day 2013 Milano
Assobiotec Bio Pharma Day 2013 MilanoAssobiotec Bio Pharma Day 2013 Milano
Assobiotec Bio Pharma Day 2013 Milano
Jobadvisor
 
2 fa registration-update
2 fa registration-update2 fa registration-update
2 fa registration-update
Hai Nguyen
 
Sms based otp
Sms based otpSms based otp
Sms based otp
Hai Nguyen
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
Hai Nguyen
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
Hai Nguyen
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
Hai Nguyen
 
Scc soft token datasheet
Scc soft token datasheetScc soft token datasheet
Scc soft token datasheet
Hai Nguyen
 
Rsa two factorauthentication
Rsa two factorauthenticationRsa two factorauthentication
Rsa two factorauthentication
Hai Nguyen
 

Recomendados

Assobiotec Bio Pharma Day 2013 Milano
Assobiotec Bio Pharma Day 2013 MilanoAssobiotec Bio Pharma Day 2013 Milano
Assobiotec Bio Pharma Day 2013 Milano
Jobadvisor
 
2 fa registration-update
2 fa registration-update2 fa registration-update
2 fa registration-update
Hai Nguyen
 
Sms based otp
Sms based otpSms based otp
Sms based otp
Hai Nguyen
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
Hai Nguyen
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
Hai Nguyen
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
Hai Nguyen
 
Scc soft token datasheet
Scc soft token datasheetScc soft token datasheet
Scc soft token datasheet
Hai Nguyen
 
Rsa two factorauthentication
Rsa two factorauthenticationRsa two factorauthentication
Rsa two factorauthentication
Hai Nguyen
 
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Hai Nguyen
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_brief
Hai Nguyen
 
Ouch 201211 en
Ouch 201211 enOuch 201211 en
Ouch 201211 en
Hai Nguyen
 
N ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationN ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authentication
Hai Nguyen
 
Multiple credentials-in-the-enterprise
Multiple credentials-in-the-enterpriseMultiple credentials-in-the-enterprise
Multiple credentials-in-the-enterprise
Hai Nguyen
 
Mobile authentication
Mobile authenticationMobile authentication
Mobile authentication
Hai Nguyen
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462
Hai Nguyen
 
Identity cues two factor data sheet
Identity cues two factor data sheetIdentity cues two factor data sheet
Identity cues two factor data sheet
Hai Nguyen
 
Hotpin datasheet
Hotpin datasheetHotpin datasheet
Hotpin datasheet
Hai Nguyen
 
Gambling
GamblingGambling
Gambling
Hai Nguyen
 
Ds netsuite-two-factor-authentication
Ds netsuite-two-factor-authenticationDs netsuite-two-factor-authentication
Ds netsuite-two-factor-authentication
Hai Nguyen
 
Datasheet two factor-authenticationx
Datasheet two factor-authenticationxDatasheet two factor-authenticationx
Datasheet two factor-authenticationx
Hai Nguyen
 
Csd6059
Csd6059Csd6059
Csd6059
Hai Nguyen
 
Cryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingCryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for banking
Hai Nguyen
 
Citrix sb 0707-lowres
Citrix sb 0707-lowresCitrix sb 0707-lowres
Citrix sb 0707-lowres
Hai Nguyen
 
Bi guardotp
Bi guardotpBi guardotp
Bi guardotp
Hai Nguyen
 
Attachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromiseAttachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromise
Hai Nguyen
 
Ams 2 fa april 2013
Ams 2 fa april 2013Ams 2 fa april 2013
Ams 2 fa april 2013
Hai Nguyen
 
10695 sidtfa sb_0210
10695 sidtfa sb_021010695 sidtfa sb_0210
10695 sidtfa sb_0210
Hai Nguyen
 
9697 aatf sb_0808
9697 aatf sb_08089697 aatf sb_0808
9697 aatf sb_0808
Hai Nguyen
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
 

Mais conteúdo relacionado

Mais de Hai Nguyen

Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Hai Nguyen
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_brief
Hai Nguyen
 
Ouch 201211 en
Ouch 201211 enOuch 201211 en
Ouch 201211 en
Hai Nguyen
 
N ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationN ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authentication
Hai Nguyen
 
Multiple credentials-in-the-enterprise
Multiple credentials-in-the-enterpriseMultiple credentials-in-the-enterprise
Multiple credentials-in-the-enterprise
Hai Nguyen
 
Mobile authentication
Mobile authenticationMobile authentication
Mobile authentication
Hai Nguyen
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462
Hai Nguyen
 
Identity cues two factor data sheet
Identity cues two factor data sheetIdentity cues two factor data sheet
Identity cues two factor data sheet
Hai Nguyen
 
Hotpin datasheet
Hotpin datasheetHotpin datasheet
Hotpin datasheet
Hai Nguyen
 
Ds netsuite-two-factor-authentication
Ds netsuite-two-factor-authenticationDs netsuite-two-factor-authentication
Ds netsuite-two-factor-authentication
Hai Nguyen
 
Datasheet two factor-authenticationx
Datasheet two factor-authenticationxDatasheet two factor-authenticationx
Datasheet two factor-authenticationx
Hai Nguyen
 
Cryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingCryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for banking
Hai Nguyen
 
Citrix sb 0707-lowres
Citrix sb 0707-lowresCitrix sb 0707-lowres
Citrix sb 0707-lowres
Hai Nguyen
 
Attachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromiseAttachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromise
Hai Nguyen
 
Ams 2 fa april 2013
Ams 2 fa april 2013Ams 2 fa april 2013
Ams 2 fa april 2013
Hai Nguyen
 
10695 sidtfa sb_0210
10695 sidtfa sb_021010695 sidtfa sb_0210
10695 sidtfa sb_0210
Hai Nguyen
 
9697 aatf sb_0808
9697 aatf sb_08089697 aatf sb_0808
9697 aatf sb_0808
Hai Nguyen
 

Mais de Hai Nguyen (20)

Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_brief
 
Ouch 201211 en
Ouch 201211 enOuch 201211 en
Ouch 201211 en
 
N ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationN ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authentication
 
Multiple credentials-in-the-enterprise
Multiple credentials-in-the-enterpriseMultiple credentials-in-the-enterprise
Multiple credentials-in-the-enterprise
 
Mobile authentication
Mobile authenticationMobile authentication
Mobile authentication
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462
 
Identity cues two factor data sheet
Identity cues two factor data sheetIdentity cues two factor data sheet
Identity cues two factor data sheet
 
Hotpin datasheet
Hotpin datasheetHotpin datasheet
Hotpin datasheet
 
Gambling
GamblingGambling
Gambling
 
Ds netsuite-two-factor-authentication
Ds netsuite-two-factor-authenticationDs netsuite-two-factor-authentication
Ds netsuite-two-factor-authentication
 
Datasheet two factor-authenticationx
Datasheet two factor-authenticationxDatasheet two factor-authenticationx
Datasheet two factor-authenticationx
 
Csd6059
Csd6059Csd6059
Csd6059
 
Cryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingCryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for banking
 
Citrix sb 0707-lowres
Citrix sb 0707-lowresCitrix sb 0707-lowres
Citrix sb 0707-lowres
 
Bi guardotp
Bi guardotpBi guardotp
Bi guardotp
 
Attachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromiseAttachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromise
 
Ams 2 fa april 2013
Ams 2 fa april 2013Ams 2 fa april 2013
Ams 2 fa april 2013
 
10695 sidtfa sb_0210
10695 sidtfa sb_021010695 sidtfa sb_0210
10695 sidtfa sb_0210
 
9697 aatf sb_0808
9697 aatf sb_08089697 aatf sb_0808
9697 aatf sb_0808
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Último (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

A 2011-04-02-01 two-factor authentication compromise-final

  • 1. Industry Advisory Two-Factor Authentication Compromise Initial Distribution: April 4, 2011 Increased Threats to Authentication Services Why am I receiving this? >> About NERC Alerts >> Status: No Reporting is Required – For Information Only Public: No restrictions. Will be posted to NERC’s website alert page. More on handling >> Instructions: NERC Advisories are designed to improve reliability by disseminating critical reliability information and are made available pursuant to Rule 810 of NERC’s Rules of Procedure, for such use as your organization deems appropriate. No particular response is necessary. This NERC Advisory is not the same as a reliability standard, and your organization will not be subject to penalties for a failure to implement this Advisory. Additionally, issuance of this Advisory does not lower or otherwise alter the requirements of any approved Reliability Standard, or excuse the prior failure to follow the practices discussed in the Advisory if such failure constitutes a violation of a Reliability Standard. Distribution: Initial Distribution: Primary Compliance Contacts Reliability Coordinator, Transmission Owner, Transmission Operator, Balancing Authority, Generation Owner, Generation Operator, Distribution Provider. Who else will get this alert? >> What are my responsibilities? >> Primary Interest Groups: Cyber Security – Control Systems, Cyber Security – Corporate IT, System Administrators, EMS Administrators, GMS Administrators, RSA Administrators Advisory: NERC has confirmed with RSA the recent cyber attack on SecurID two-factor authentication products. This attack may affect the security of the two-factor authentication tokens from RSA used by industry to allow remote access to entity devices and systems. Although the extent of the cyber attack on RSA is unknown, enough information may have been obtained by the attacker to allow a less sophisticated attack such as social engineering to succeed. The concern now is focused on information systems administration and user education steps that should be taken to help detect or prevent potential attackers from acquiring additional information from users. NERC is encouraging entities to implement the mitigation strategies outlined in Attachment 1 of this Advisory. This attachment contains specific information and suggested actions for mitigation in accordance with standard
  • 2. detection, prevention, and recovery phases of an effective incident response and cybersecurity program. NERC is further encouraging entities to carefully review the Early Warning and Indicator Notice (EWIN)-11-077-01A Update that is attached to the Alert and take appropriate actions as described in Attachment 1. Since RSA has confirmed that specific information related to SecurID two- factor authentication products was compromised with the extent of the compromise unknown, the ES-ISAC estimates the potential risk to bulk power system reliability from this attack is MEDIUM. Attached: Attachment 1 – Mitigation Measures for Two Factor Authentication Compromise Attachment 2 – Early Warning and Indicator Notice (EWIN)-11-077-01A UPDATE Background: On March 17, 2011, RSA announced that a cyber attack on its systems was successful and resulted in the compromise and disclosure of information “specifically related to RSA's SecurID two-factor authentication products.” While the full extent of the breach remains unconfirmed, RSA states that “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” Enough information may have been obtained by the attacker to facilitate successful spearphishing or social engineering attacks. Attachment 1 provides specific actions for consideration by IT administrators and end user communities. Possible attack vectors include: 1. RSA Seed Record Compromise – A seed record is a shared secret between a hardware authenticator (e.g. token) and the authentication server. These seed records are commonly, but not always, used in combination with a user generated Personal Identification Number (PIN). Compromise of the seed code could potentially allow duplicate token values to be generated without possession of the token requiring only the guessing of the Users PIN, if a PIN had been used, to achieve full compromise and potential subsequent access. 2. Social engineering – Social engineering attacks trick users into performing an act that provides the attacker with confidential information. Depending on the nature of the information that was compromised from RSA, social engineering could be used to obtain the missing information necessary for the adversary to guess a Users PIN or might even trick the User into giving their PIN directly to the attacker. Although an old technique, social engineering attacks are still effective and end user training is critical for reminding users to be wary of such attacks and to report suspicious events.
  • 3. Contact: Steve Applegate Cyber Security Threat and Vulnerability Program Manager North American Electric Reliability Corporation (NERC) 1120 G Street NW, Suite 990 Washington, DC 20005 Telephone: (202) 503-7192 Fax: (202) 393-3955 Steven.Applegate@nerc.net To report any incidents related to this Advisory, contact: ES-ISAC 24-hour hotline 609.452.1422 esisac@nerc.com A-2011-04-04-01 You have received this message because you are listed as the designated contact for your organization on the North American Electric Reliability Corporation’s compliance registry. If believe you have received this message in error, please notify the sender immediately and delete or otherwise dispose of all occurrences or references to this email. If you have questions about your membership in this list, please contact Chris Lada at NERC by calling 609.452.8060 or emailing Chris directly at: chris.lada@nerc.net. North American Electric Reliability Corporation 116-390 Village Blvd. Princeton, NJ 08540 609.452.8060 | www.nerc.com