Hacked Anti-Virus Companies – The Irony…

01 Aug 2019

NO-ONE* is immune from data breaches.

*Capitalised to illustrate the fact that literally no-one is immune from data breaches.

In fact only today we read about credit card company Capital One being hacked, with the personal details of 106 million of their customers (names, addresses, phone numbers and dates of birth, plus around 140,000 social security numbers and 80,000 bank account numbers, but no credit card numbers) falling into the hands of a hacker who boasted about it online. It’s one of the largest data breaches in history.

We digress. We’ve written a lot about the data breaches of some of the world’s biggest companies but we never thought we’d be writing about data breaches of the companies that are supposed to be on the front line of stopping data breaches…

Oh, the irony, but what can we learn?


Quis Custodiet Ipsos Custodes?


Indeed. Who is watching the watchmen?

Recently, a top-tier Russian- and English-speaking hacking collective known as Fxmsp breached the doors of three of the world’s biggest antivirus companies (see the report from advanced-intel.com). According to digital marketing blogger Joseph Chukwube, the group ‘extracted sensitive source code from the companies’ anti-virus software, security plugins, and AI technology, and is offering to sell the source code, as well as access to the networks, for over $300,000.’

‘This isn’t the first time anti-virus companies have been hacked,’ says Chukwube. ‘In 2012, it was found that hackers breached the Symantec network six years earlier, stealing Norton Security’s source code. In 2015, both Kaspersky and Bitdefender were attacked, and all three companies claim that the hacks had no significant impact.’

In this latest episode the companies are believed, but not confirmed, to be McAfee, Symantec and Trend Micro, according to a report by bleepingcomputer.com. It raises the very real issue that no-one is immune: even the people we rely on to keep our data safe have to work very hard to keep up with the constant and swift evolution of attack techniques by some very, very clever but unscrupulous operators.

It’s fair to say that there’s a lot we don’t know about the latest Fxmsp hack, but what we do know is that the more data a business holds, the more vulnerable it is, and the more attractive a target to the baddies.

In a case of stating the bleedin’ obvious, Chukwube tells us that ‘Personal information about customers is a valuable target for hackers that want to extort cybersecurity companies or sell that data on the grey market. That means if cybersecurity companies didn’t collect all this personal information to begin with, they wouldn’t be such vulnerable targets, and the repercussions of attacks would be far less severe.’

Thanks Joe.

So what do the cybersecurity companies need to do? One answer is to reduce the amount of information they collect. In this case they didn’t collect driver’s licence or social security numbers but, so says csoonline.com, the breached records included income information, marital status and even customers’ racial background.

Not for a second are we suggesting that the breached companies are in any way irresponsible, but there’s a truth to the fact that one shouldn’t collect as much data as possible just because one can. Rather, in the age we live in, responsibility lies in collecting as little as is necessary to fulfil one’s business objectives and obligations: every record you never collect is a record that can never be breached.

Back to Joseph Chukwube: ‘In an era of customer-focused business and tight data protection regulation, the most successful cybersecurity companies – in addition to the least vulnerable – will be those that promise not only to protect their customers’ data, but also to collect as little data as possible in the first place.’


What Can Companies Like Yours Do To Strengthen Data Security?


Again, at the risk of flogging a dead horse, there’s plenty you can do. Having a robust antivirus product in place is one thing, but you shouldn’t rely on that alone, and this is where Koncise Solutions’ services come into play…

1. Employ strong antivirus software with high malware detection rates that’s relatively easy for your employees – non-techies – to get their heads around.

2. Monitor your network perimeter continuously for any externally exposed data. That includes mobile and IoT devices and cloud servers, enforcing two-factor authentication, and even going as far as embedding security software in the devices themselves.

3. Train your staff to recognise phishing emails and to respond to them properly.

4. Vet everyone coming into contact with your company and make sure you understand how they use your data as well as knowing what security protocols they have in place. The issue here is that while it’s sensible to do so, in the real world it’s almost impossible to validate whether third parties have vetted their own employees to the standards required so there has to be a degree of trust that they have.

From our very own Stephen Dorling: What’s more realistic is to monitor access and put relevant controls in place to restrict access to, or activities with, data (i.e. make cloud data shared with third parties read-only, without an ability to download locally; or, for access to internal stuff, look at Insider Threat/DLP solutions to stop third-party users from copying; or house third parties in an Identity Manager to control access).

5. Fire drills are a great way of finding out how your company will respond in a real emergency, and if you can identify the weak links you’ll be far better placed to know what to do when, and if, Fxmsp come a-knocking.

In the case of Capital One, they will be working around the clock to repair and remediate the damage; as well as being physically taxing and highly complex work, it also takes its toll emotionally. Fire drills are worthwhile, but it’s like trying to replicate a World Cup Final penalty shoot-out on the training field: there are so many factors that simply can’t be predicted that a real incident is almost impossible to rehearse with any degree of clarity.
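To make point 4 and Stephen’s comment concrete, here is an added example of what “read-only access for a third party, controlled through an identity manager” looks like in practice. It is not Koncise’s, AWS’s or any vendor’s configuration; it is an AWS IAM policy we have written for illustration, attached to the role a partner assumes in your account. It grants read-only access to a single prefix of a shared S3 bucket, and only when the session was authenticated with MFA (the two-factor authentication from point 2). The bucket name `example-shared-bucket`, the prefix `partner-acme/` and the partner role itself are assumptions for the example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PartnerCanListOnlyItsOwnPrefix",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-shared-bucket",
      "Condition": {
        "StringLike": { "s3:prefix": "partner-acme/*" },
        "Bool": { "aws:MultiFactorAuthPresent": "true" }
      }
    },
    {
      "Sid": "PartnerCanReadOnlyItsOwnPrefix",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-shared-bucket/partner-acme/*",
      "Condition": {
        "Bool": { "aws:MultiFactorAuthPresent": "true" }
      }
    },
    {
      "Sid": "NeverWriteDeleteOrChangePermissions",
      "Effect": "Deny",
      "Action": [
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:PutObjectAcl",
        "s3:PutBucketAcl",
        "s3:PutBucketPolicy"
      ],
      "Resource": [
        "arn:aws:s3:::example-shared-bucket",
        "arn:aws:s3:::example-shared-bucket/*"
      ]
    }
  ]
}
```

Two design points worth noting. The MFA condition sits on the Allow statements, so if the `aws:MultiFactorAuthPresent` key is absent from the session (as it is for credentials that never went through MFA) the condition simply fails and nothing is allowed, which is the safe direction to fail in. The explicit Deny on write and permission-changing actions wins over any other Allow the role might pick up later. One caveat: “read-only” in S3 still means the partner can download what it can read; the “no local download” Stephen mentions needs a viewer-only sharing mode or a DLP control on top, which this policy does not provide.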

In the coming months, we’ll be speaking to CISOs and CTOs for their take on what is becoming an epidemic that only seems to be getting more serious.

Contact us today on info@koncisesolutions.com or call 020 7078 0789 and we’ll talk cloud security, cutting-edge IT solutions or what’s better, shepherd’s pie or cottage pie. Whatever you want.


Koncise Solutions
