In March of this year, RSA - the security division of EMC - announced that it had suffered a breach stemming from a "sophisticated attack" on its network systems.
The attackers targeted proprietary information on RSA's SecurID two-factor authentication systems, a product designed to prevent unauthorized access to enterprise network systems.
The company released an open letter to RSA customers which suggested the overall damage from the attack on its network would be minimal.
What did this sophisticated attack look like? According to researchers from F-Secure, it was most likely an email with a short message and an infected Excel spreadsheet file.
The messages read: "I forward this file to you for review. Please open and view it."
Timo Hirvonen, an F-Secure antimalware analyst, found the suspected email among millions of samples that had been submitted to the free file scanning service VirusTotal.
The message had been sent on March 3, but had not been submitted to VirusTotal until two days after the RSA breach was announced.
"The e-mail was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached Excel file. It was a spreadsheet titled '2011 Recruitment plan.xls,'" said an April 1 blog posting by RSA's Head of New Technologies, Uri Rivner.
Not much else has been revealed about the breach since then.
While few details have been released that could give analysts a better understanding of the scope and impact of the breach, the unauthorized access to sensitive material regarding SecurID is known to have had widespread impact.
RSA's customers include government, military, financial, enterprise, healthcare and insurance companies.
In June, after detecting unauthorized access attempts, Lockheed disabled its employees' remote access privileges while it issued new SecurID tokens to all telecommuting workers, and required all employees with network access to change their passwords.
Shortly after, defense contractor Northrop Grumman also reportedly disabled remote access to company networks, then L-3 Communications reported the company had suffered a network breach stemming from cloned RSA SecurID tokens.
Analysts have since debated whether the characterization of the attack as "sophisticated" was accurate.
Given the revelations by F-Secure that one of the most serious attacks to date was accomplished with such a simple email message, perhaps it is the definition of a "sophisticated attack" that needs to be debated.