Hackers claim to have breached three antivirus firms

In News

An international cybercrime group has attacked the networks of three unnamed US-based antivirus firms and stolen approximately 30 terabytes of data. The group is offering to sell the data, as well as access to the company networks for a sum of $300,000.

As first reported by Ars Technica, the “boutique cybersecurity firm” Advanced Intelligence, Inc., says that a “Russian- and English-speaking hacking collective” called Fxmsp has been trying to work its way into the antivirus firms’ networks for the last six months, and finally became successful on April 24th.

One stolen data seems “to contain information about the company’s development documentation, artificial intelligence model, web security software and antivirus software base code,” an  Advanced Intelligence blog said.

Dr. Torsten George, Cybersecurity Evangelist at Centrify, said about the attack:It’s both shocking and alarming if reports are true that an international cybercrime group has penetrated the company networks of three U.S.-based antivirus firms and stolen more than 30 terabytes of data via a credential-stealing botnet. Organizations – especially antivirus firms – have to assume that bad actors are in their networks already.

Cyber attackers long ago discovered that the easiest way to gain access to sensitive data is via weak, default or otherwise compromised credentials. The reality is that guessing passwords is easier than going up against technology. In fact, a recent Centrify study found that privileged credential abuse is involved in almost three out of every four breaches. Privileged account access provides cyber adversaries with the “keys to the kingdom” and a perfect camouflage for their data exfiltration efforts.

It’s well past time to adopt a Zero Trust approach, powered by additional security measures such as multi-factor authentication (MFA) and privilege elevation, to stay ahead of the security curve. MFA is the lowest hanging fruit for protecting against compromised credentials.”

The posting included what appeared to be a screenshot of a code editor and a Windows Explorer window showing a file structure. One commenter at Ars Technica said the code editor appeared to actually be a decompiler, a tool that tries to reconstruct software source code by analyzing binary data.

Not much else is known about the attack. Questions like whether there any personal information about antivirus company clients in the stolen data, whether malicious hackers could create a more powerful malware if they got a look at antivirus source code, does Fxmsp actually have the source code, or is it just trying to decompile binaries, all remain unanswered.

 

Comments

You may also read!

Security vulnerability in Bluetooth puts iOS and Windows 10 devices at risk

In a research paper titled Tracking Anonymized Bluetooth Devices, researchers have revealed that a security flaw in Bluetooth communication

Read More...

Humans cause nine out of ten data breaches in the cloud

Incidents in public cloud infrastructure are more likely to happen because of a customer’s employees rather than actions carried

Read More...

FireEye expands Managed Defense MDR services

FireEye, the intelligence-led security company, today announced the availability of two new managed detection and response (MDR) service offerings

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu