Kaspersky Lab cybersecurity firm is hacked

maddogchen

http://www.bbc.com/news/technology-33083050

Kaspersky Lab said that it had detected the breach in the "early spring", and described it as "one of the most sophisticated campaigns ever seen".
The malware does not write any files to disk, but instead resides in affected computers' memory, making it relatively hard to detect.

...

Kaspersky said the malware was spread using Microsoft Software Installer files, which are commonly used by IT staff to install programs on remote computers.
"This highly sophisticated attack used up to three zero-day [previously unknown] exploits, which is very impressive - the costs must have been very high," commented Costin Raiu, director of Kaspersky Lab's global research and analysis team.

...
Kaspersky said that it was "confident" that its clients and partners remained safe.
 

Elixer

Kaspersky said that it was "confident" that its clients and partners remained safe.
Pretty bad when a security company gets hacked, and even worse when they say they are "confident" without having any proof that they remain 'safe'.
 

matricks

Pretty bad when a security company gets hacked, and even worse when they say they are "confident" without having any proof that they remain 'safe'.

I doubt that this is a statement without anything to back it up. On one hand it would be very difficult to prove what parts of their systems are not affected, but they know a lot more about the incident than forums and mainstream media do.

New APT Duqu 2.0 Hits High-Value Victims, Including Kaspersky Lab (Threatpost, I know it's run by Kaspersky)
Kaspersky’s investigation into the incident showed that the Duqu attackers had access to a small number of systems and were especially interested in the company’s research into APT groups, its anti-APT technology, and some Kaspersky products, including the Secure Operating System and Kaspersky Security Network.
Kaspersky sells software. Compared to many other things at this scale, digging up a history of changes in software is relatively easy. Have they done it? No idea, but it's a great starting point if they want to claim anything about the security of their clients. They don't provide cloud storage, e-mail or anything, they only have the information they collect to process sales, and anonymous malware samples. One can always question if they collect more information than they claim from computers using their software, but in that case you don't trust them in the first place, so the attack shouldn't be of much concern.

This appears to be an intelligence gathering operation. Which would mean that manipulating software products to compromise the entire customer base probably isn't a goal. They would probably have been detected much earlier if they did. At the level of this operation, Kaspersky's research is probably more valuable to them than compromising the homegrown security expert constantly switching antivirus products to stay on top of AV-Comparatives. Finally, investigating incidents like these is one of the things Kaspersky actually knows how to do, unlike the average store or restaurant chain.

What bothers me is all the superlatives. Mostest highliest advancedest skillest campaign ever to have taken place, they must have spent megalodons of dollars. When mass media does it, sure, that's all they know how to do. But I thought most security people agreed that the question isn't if you will be compromised, the question is when, and how you handle it.
 

John Connor

Why is it so important that the NSA not spy on foreign governments? Especially Iran! It's one thing to spy on the citizens that pay their bills, but quite another when it's national security. Screw Russia and Caspersickley.
 

Zodiark1593

I doubt that this is a statement without anything to back it up. On one hand it would be very difficult to prove what parts of their systems are not affected, but they know a lot more about the incident than forums and mainstream media do.

New APT Duqu 2.0 Hits High-Value Victims, Including Kaspersky Lab (Threatpost, I know it's run by Kaspersky)
Kaspersky sells software. Compared to many other things at this scale, digging up a history of changes in software is relatively easy. Have they done it? No idea, but it's a great starting point if they want to claim anything about the security of their clients. They don't provide cloud storage, e-mail or anything, they only have the information they collect to process sales, and anonymous malware samples. One can always question if they collect more information than they claim from computers using their software, but in that case you don't trust them in the first place, so the attack shouldn't be of much concern.

This appears to be an intelligence gathering operation. Which would mean that manipulating software products to compromise the entire customer base probably isn't a goal. They would probably have been detected much earlier if they did. At the level of this operation, Kaspersky's research is probably more valuable to them than compromising the homegrown security expert constantly switching antivirus products to stay on top of AV-Comparatives. Finally, investigating incidents like these is one of the things Kaspersky actually knows how to do, unlike the average store or restaurant chain.

What bothers me is all the superlatives. Mostest highliest advancedest skillest campaign ever to have taken place, they must have spent megalodons of dollars. When mass media does it, sure, that's all they know how to do. But I thought most security people agreed that the question isn't if you will be compromised, the question is when, and how you handle it.

I doubt the PR, even belonging to a cybersecurity company, is all that technically competent.