Kaspersky Hacked: Antivirus Company Experienced a Major Breach
Sometimes a company loses customers not because it was hacked but because of the way it responded. After a cyber attack, there are three ways to respond:
1. Hide and don’t inform customers
This approach may help you keep your customers until the truth comes out, but if the fact that you have been hacked is leaked, then it might be disastrous for your company's reputation.
2. Post a security advisory banner on a remote page of the company's website
In this case, to convince the audience, your company would need to use words like APT, Chinese Red Dragon army or Russian Business Network, which would make it sound as though the company was hit by a highly sophisticated attack.
3. Admit
That is what Russian antivirus company Kaspersky decided to do. In their latest tweet, they admitted that their internal systems had been compromised by Duqu2:
We’re fully confident that #Duqu2 attack on our network brings no risks to our customers and partners https://t.co/bAGUU3zVyo
— Eugene Kaspersky (@e_kaspersky) June 10, 2015
According to Kaspersky Lab, the attackers wanted to spy on the company's modern technologies, which is what led to this major security breach. The company also mentioned that the intrusion was achieved using 3 unknown techniques.
The Duqu2 malware does not write files to disk; instead, it uses the computer's memory (RAM), making it harder to detect. Kaspersky linked the attack to the unidentified creators of an earlier Trojan named Duqu, which made headlines in 2011 after being used in attacks on Iran, India, France and Ukraine.
In spring, hackers used a Microsoft Word vulnerability; now they hacked their way into Kaspersky Lab via another Microsoft product, Microsoft Software Installer, commonly used by IT departments to install software remotely.
The director of Kaspersky Lab's global research and analysis team said:
This highly sophisticated attack used up to three zero-day [previously unknown] exploits, which is very impressive – the costs must have been very high. We believe that Duqu 2.0 attacks had also been made on other targets, including several venues used for talks between Iran and the West about Iran’s nuclear programme.
Mikko Hypponen, a famous cyber security researcher and chief research officer at F-Secure, said:
Duqu 2.0 seems to be the biggest [cybersecurity] news of the year so far – it’s major new malware from a major source. But we have previously seen security companies used as a way to reach other targets. The prime example of this was RSA, which got hacked four years ago, when we believe the target was a defence contractor in the US, which used RSA’s technology.
Hopefully, Kaspersky assured its customers that their data remained safe.