Skip to main content

Security Firm Kaspersky Hacked!






In an ironic twist of fate, security firm Kaspersky on Wednesday announced that it was hacked."The bad news is that we discovered an advanced attack on our own internal networks," the company's chairman and CEO, Eugene Kaspersky, wrote in a blog post. "It was complex, stealthy, it exploited several zero-day vulnerabilities, and we're quite confident that there's a nation state behind it. We've called it Duqu 2.0."
Kaspersky said the attackers—believed to be the same group behind 2011's Stuxnet-like Duqu worm—were mainly interested in spying on its technologies, especially its solutions for discovering and analyzing sophisticated attacks known as Advanced Persistent Threats (APTs). The attackers were looking to find out about Kaspersky's ongoing investigations into advanced attacks, detection methods, and analysis capabilities.
Apparently, they weren't all that successful. Kaspersky said that none of its products or services were compromised and that its customers "face no risks whatsoever due to the breach."
Still, it was one of the most advanced attacks the company has ever seen. The attackers used a number of tricks that made it extremely difficult to detect and neutralize.
"We found something really big here," Kaspersky wrote. "Indeed, the cost of developing and maintaining such a malicious framework is colossal. The thinking behind it is a generationahead of anything we'd seen earlier."
Kaspersky said it was clear the people behind Duqu 2.0 were "fully confident" they'd remain under the radar. The company was able to detect the attack thanks to an alpha version of its Anti-APT solution designed to tackle sophisticated, targeted attacks.
"Attacking us was hardly the smart move: they've now lost a very expensive technologically advanced framework they'd been developing for years," Kaspersky said.
But Kaspersky wasn't the only target. The attackers behind Duqu 2.0 also spied on several other "prominent targets," Kaspersky found, including participants in the international negotiations on Iran's nuclear program and the 70th anniversary event of the liberation of Auschwitz.
Kaspersky didn't name names, but said it believes the attack was a "nation-state sponsored campaign," which relied heavily on zero-day flaws and cost around $50 million to maintain—far more than an everyday cyber criminal would be willing to invest. According to a report from The Guardian, the malware is linked to Israel, and was also discovered on the networks of three hotels that recently hosted the Iran nuclear talks.
"Governments attacking IT security companies is simply outrageous," Kaspersky wrote. "We're supposed to be on the same side as responsible nations, sharing the common goal of a safe and secure cyberworld."
For more, check out Kaspersky's FAQ [PDF] about the attack.
Credits:PCMAG
Labels:

Comments

Post a Comment

Popular posts from this blog

Microsoft Office for Tablet now on Google Play store

Back in November, Microsoft opened up early previews builds for its new mobile Office applications for Android tablets to those willing to sign up and wait for an invitation. After taking on feedback over the past couple of months, Microsoft has announced that it is expanding its preview scheme by releasing its Office applications to everyone directly through the Google Play Store. The new Office software for mobile unifies Android, IOS, and Windows platforms. Previously each platform had to make do with its own apps, meaning that feature sets differed depending on your operating system and updates were often slow and intermittent. By unifying the Office platform, Microsoft hopes to bring updates and new features to users in a timelier manner. There are still a couple of conditions attached to the preview builds though. Firstly, Office is still limited to ARM-based Android tablets with a screen size between 7 and 10.1 inches. Your tablet will also need to be running Ki...
Post a Comment
Read more

Ethical Hacking Simplified. Applications of Cryptography

Pretty good Privacy PGP This type of cryptographic Application uses Public key encryption system and  is one of the most popular means of encryption in the world. It is used in securing data, data storage, email, Instant Messaging (instant messaging are messaging system that happens in real time, just like whatsApp, Facebook messenger etc.) and other forms of communication. The early version of this cryptographic application was written by Philip Zimmerman and has it public appearance in 1991. it is part of an open-source project with many version where user can choose the best that suit them. This cryptographic application comes with privacy and security measure that are found in many online systems. The data will travel in an encrypted form (chipertext), upon arriving at the receiving end, the receiving will use PGP to decrypt the data back to plaintext. PGP uses the Public/Private key encryption. Where the sender uses his public key to encrypt data, and the receiver ...
Post a Comment
Read more

Tips for strong password

As we have already discussed that passwords are strong and at the same time weak! If user create password from his name, date of birth or any other combination that is related to him, cracking down his account doesn't need much technical know how. Meaning attacker who know you, can be lucky enough to access your sensitive information by only entering certain key combinations. Creating strong and almost non hackable wait!!! is there any non hackable password! I was once told that any system can be hacked! It only took time, skills and resources! You are absolutely right! But at-least one has to really suffer before getting your data! Arm robbers do rob banks! Do you think a local or common thief can rob bank? The ans is absolute NO! Strong passwords doesn't happen by chance! Below are the steps to create a very strong passwords! Passwords should be at-least 8 characters Its already becoming standard on the internet. Many websites doesn't allow less than 6 charact...
Post a Comment
Read more