Skip to main content

Security Firm Kaspersky Hacked!






In an ironic twist of fate, security firm Kaspersky on Wednesday announced that it was hacked."The bad news is that we discovered an advanced attack on our own internal networks," the company's chairman and CEO, Eugene Kaspersky, wrote in a blog post. "It was complex, stealthy, it exploited several zero-day vulnerabilities, and we're quite confident that there's a nation state behind it. We've called it Duqu 2.0."
Kaspersky said the attackers—believed to be the same group behind 2011's Stuxnet-like Duqu worm—were mainly interested in spying on its technologies, especially its solutions for discovering and analyzing sophisticated attacks known as Advanced Persistent Threats (APTs). The attackers were looking to find out about Kaspersky's ongoing investigations into advanced attacks, detection methods, and analysis capabilities.
Apparently, they weren't all that successful. Kaspersky said that none of its products or services were compromised and that its customers "face no risks whatsoever due to the breach."
Still, it was one of the most advanced attacks the company has ever seen. The attackers used a number of tricks that made it extremely difficult to detect and neutralize.
"We found something really big here," Kaspersky wrote. "Indeed, the cost of developing and maintaining such a malicious framework is colossal. The thinking behind it is a generationahead of anything we'd seen earlier."
Kaspersky said it was clear the people behind Duqu 2.0 were "fully confident" they'd remain under the radar. The company was able to detect the attack thanks to an alpha version of its Anti-APT solution designed to tackle sophisticated, targeted attacks.
"Attacking us was hardly the smart move: they've now lost a very expensive technologically advanced framework they'd been developing for years," Kaspersky said.
But Kaspersky wasn't the only target. The attackers behind Duqu 2.0 also spied on several other "prominent targets," Kaspersky found, including participants in the international negotiations on Iran's nuclear program and the 70th anniversary event of the liberation of Auschwitz.
Kaspersky didn't name names, but said it believes the attack was a "nation-state sponsored campaign," which relied heavily on zero-day flaws and cost around $50 million to maintain—far more than an everyday cyber criminal would be willing to invest. According to a report from The Guardian, the malware is linked to Israel, and was also discovered on the networks of three hotels that recently hosted the Iran nuclear talks.
"Governments attacking IT security companies is simply outrageous," Kaspersky wrote. "We're supposed to be on the same side as responsible nations, sharing the common goal of a safe and secure cyberworld."
For more, check out Kaspersky's FAQ [PDF] about the attack.
Credits:PCMAG
Labels:

Comments

Post a Comment

Popular posts from this blog

Powerful words from Steve Jobs on his sick bed

Powerful message. Steve Jobs’ Last Words - I reached the pinnacle of success in the business world. In others’ eyes, my life is an epitome of success. However, aside from work, I have little joy. In the end, wealth is only a fact of life that I am accustomed to. At this moment, lying on the sick bed and recalling my whole life, I realize that all the recognition and wealth that I took so much pride in, have paled and become meaningless in the face of impending death. In the darkness, I look at the green lights from the life supporting machines and hear the humming mechanical sounds, I can feel the breath of god of death drawing closer… Now I know, when we have accumulated sufficient wealth to last our lifetime, we should pursue other matters that are unrelated to wealth… Should be something that is more important: Perhaps relationships, perhaps art, perhaps a dream from younger days ... Non-stop pursuing of wealth will only turn a person into a twisted being, just l...
Post a Comment
Read more

Introducing Microsoft Surface pro 3

Surface Pro 3      On Monday rumors was circulating the online journals regarding next surface pro tablet. Online journals and news sites  on Monday leaked image of the device was circulating, not knowing that the company will officially announce the device the next day. The surface tablet is just too much because it comes with a stylus and the screen was optimized to take a full handwriting future just like your normal paper, microsoft solve the issues users faces while using stylus to write on so many devices, where placing palm on the screen while writing result in unwanted drawings. Here we must say thank you to samsung for bringing back stylus into the mobile world in its Note series tablet and mobile phones. The awesome device comes with a slim removable keyboard for ease typing.      The surface pro 3 according to Microsoft can replace laptops, meaning normal .exe files that runs on windows pc or laptops can be installed on this sexy device. ...
Post a Comment
Read more

Steps of Ethical Hacking

Steps of Ethical hacking Foot printing Scanning Enumeration System hacking NB: This will only be an introduction. I shall discuss the steps in details, bit by bit. Footprinting: This is the first step in hacking. This involves gathering information about the target network, firm or organization. The information collected will help the attack successful. This step is the foundation of hacking. If data collected is inaccurate the attack is likely to fail. This happens during the  passive state of the system. This steps target information that are carelessly handled or stored. Attack is as good as how accurate the information collected at this stage. Information that can be collected or extracted include IP addressing range Phone Numbers Email addressing Name spaces Employee information facility information Job information Scanning: This stage deals with studying the system during it active time. It focuses on gathering more useful information which...
Post a Comment
Read more