RSA hack exploited Flash vulnerability

Phishing email led to a serious case of "digital shoulder surfing"

The recent embarrassing data breach at security firm RSA was caused by a zero-day vulnerability in Adobe Flash.

RSA revealed that the attackers sent a phishing email to several groups of employees, one of whom opened the attached spreadsheet.

"The email was crafted well enough to trick one of the employees into retrieving it from their junk mail folder, and open the attached Excel file. It was a spreadsheet titled '2011 Recruitment plan.xls'," wrote Uri Rivner, head of new technologies, consumer identity protection, RSA, on the firm's blog.

"The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability. As a side note, by now Adobe has released a patch for the zero-day, so it can no longer be used to inject malware onto patched machines," he added.

The malware enabled the hackers to watch everything the employee did on their PC, which Rivner described as "digital shoulder surfing".

The attacker was then able to obtain account information from more employees and use it to gain access to important files on RSA's network.

"The attacker first harvested access credentials from the compromised users (user, domain admin, and service accounts). They performed privilege escalation on non-administrative users in the targeted systems, and then moved on to gain access to key high-value targets, which included process experts and IT and non-IT specific server administrators," said the blog.

RSA has not disclosed what information was stolen.