Brian Pennington

A blog about Cyber Security & Compliance


EMC Corporation

RSA’s November Online Fraud Report

Below is a summary of RSA’s November Online Fraud Report:-

The humble beginnings of phishing

The term ‘phishing’ was coined in 1996 by hackers who managed to steal America Online (AOL) accounts by coaxing username and passwords from unsuspecting users. At the time, hacked accounts were dubbed ‘phish’; within a year, ‘phish’ was actively being traded between hackers as a form of electronic currency that was of value to them. ‘Phishers’ used to go after compromised e-mail accounts in order to send out spam.

In its early days, phishing was not looking to steal bank account information or even financially driven for that matter. It was only when phishers realized that it was relatively easy to convince web users to divulge their passwords that they inevitably saw it as a way to monetize data. Now going beyond spam, phishers added a criminal layer to their activities and began thinking of ways to compromise more valuable credentials, especially those which afforded online access to bank accounts.

Phishing became a fraudster’s gold rush.

Phishing Attacks per Month

In October, phishing volume dropped nearly 40 percent – from 38,970 attacks in September to 24,019 attacks. This decline was mainly due to a drastic reduction in the number of phishing attacks targeting brands that were heavily attacked in September.

Number of Brands Attacked

Last month, 298 brands were targeted with phishing attacks, marking just a slight drop from September. Eleven brands endured their first attack in October while 51 percent of the brands targeted last month endured less than five attacks each.

US Bank Types Attacked

The portion of brands targeted among U.S. credit unions increased eight percent while brands targeted among U.S. regional banks saw a 13 percent decrease in October (from 25% to 12%). However, U.S. nationwide bank brands continue to endure the highest number of attacks, accounting for nearly 75 percent in October.

Top Countries by Attack Volume

In October, the UK continued to be the country that endured the most phishing attacks, just slightly ahead of the U.S. by a mere one percent. South Africa endured eleven percent of the phishing volume in October, followed by Brazil and Canada.

Top Hosting Countries

In October, the US hosted 54 percent of the world’s phishing attacks, followed by Germany with seven percent and the UK with four percent. Since October 2010, the only countries that have consistently hosted the highest portions of phishing attacks have been the US, UK, Germany, France and Russia.

The full RSA Report can be found here.

The RSA October Online Fraud Report Summary is here.

The RSA September Online Fraud Report Summary is here.


EMC Has a Good Idea of Who Was Behind RSA Breach

Image representing EMC as depicted in CrunchBase
Image via CrunchBase

On the 30th June Reuters Published a very interesting interview with Jeremy Burton the Chief Marketing Officer of RSA/EMC. The interview as published by Reuters is below.

Reuters 30/6/11 Data storage firm EMC has a good idea of who was behind an attack on its RSA security division that may have compromised SecurID keys used by 40 million employees of governments and corporations worldwide.

But Chief Marketing Officer Jeremy Burton said on Thursday the identity of the hacker or hackers was less important than what measures companies could take to defend against such attacks, and declined to name the suspected party.

“We’ve got an idea although we can’t pin it on Joe Brown from such and such. We’ve got a very good idea because of the nature of the attack but actually that’s not even that important,” he told Reuters in an interview in London.

RSA disclosed in March that hackers had stolen information that could be used to reduce the effectiveness of SecurID tokens in keeping intruders from accessing corporate networks.

It has said it believes the attackers were more interested in intellectual property than in financial gain.

SecurIDs are widely used electronic keys to computer systems designed to thwart hackers by requiring two passcodes: one fixed PIN and another six-digit number that is automatically generated, typically every 60 seconds, by the security system.

Burton reiterated that EMC was working hard to rebuild the trust of its customers in the RSA brand. “Basically, since March, we’ve been doing nothing but doing one on one sessions.”

“Where we’re at right now with our customer base is making sure that the guys who have asked for token replacement get one in a timely fashion and we’ve ramped up the manufacturing to be able to cope with that,” he said.

RSA’s reputation took a second hit after the initial disclosure of the breach in March last when hackers used technology stolen from RSA to attack defence contractor Lockheed Martin last month.

EMC has since offered to replace millions of potentially compromised SecurID electronic keys.

Burton said the company intended to ramp production of RSA tokens into the millions per month from a baseline rate of a few hundred thousand. He could not predict for how many months the increased production might continue.

EMC said last quarter its RSA margins had fallen to 54.1 percent from 67.6 percent a year earlier for costs associated with the security breach.

“If there are more costs and we need to take another charge in the name of customer satisfaction, we will,”Burton said.

EMC’s chief financial offer said in April that growth in the RSA business would slow in the short term.

RSA is small in terms of EMC’s revenue, last year accounting for $730 million (454 million pounds), or 4 percent, of its $17 billion in sales.

 Yet it is a high-profile asset whose technology EMC has used to secure the company’s other products, including its software and data storage equipment.

Companies that sell alternatives to RSA’s SecurIDs, such as Symantec and Vasco Data Security International, have leapt on the opportunity to win customers.

 Burton said he was not aware of any other customers beyond Lockheed Martin who had suffered cyber attacks as a result of the RSA security breach.

Reprint of Reuters Page which can be found here.


Blog at

Up ↑

%d bloggers like this: