Even software security firms aren’t immune to attacks, and Kaspersky Lab – maker of popular anti-virus and Internet security products – has admitted in a blog post that their internal system was the target of a malware attack. Company founder Eugene Kaspersky posted yesterday that Kaspersky’s internal networks were attacked through exploits of several zero-day vulnerabilities, and even went so far as to say that the company is “quite confident that there’s a nation state behind” the attack.
— Eugene Kaspersky (@e_kaspersky) June 10, 2015
Kaspersky has dubbed the attack Duqu 2.0 due to similarities with the original Duqu malware platform. Kaspersky was also quick to point out that customer data is safe, as the attack was targeted at the company's technologies, some of which, he mused, are accessible under licensing agreements.
Most importantly, neither our products nor services have been compromised, so our customers face no risks whatsoever due to the breach.
Using an alpha version of its new Anti-APT software, the company was able to detect the intrusion before any data was compromised, and the resulting investigation has found that the malware framework has been used against other targets.
We’ve found that the group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran’s nuclear program and in the 70th anniversary event of the liberation of Auschwitz. Though the internal investigation is still underway we’re confident that the prevalence of this attack is much wider and has included more top ranking targets from various countries. I also think it’s highly likely that after we detected Duqu 2.0 the people behind the attack wiped their presence on the infected networks to prevent exposure.
The company has already updated their software products to include Duqu 2.0 detection, and also mentioned that the zero-day exploit was immediately reported to Microsoft and has already been patched. Kaspersky chose to disclose the information for two reasons:
By disclosing the attack we (i) send a signal to the public and question the validity – and morality – of presumably state-sponsored attacks against private business in general, and security companies in particular; and (ii) share our knowledge with other businesses to help them protect their assets. Even if it does hurt ‘reputation’ – I don’t care. Our mission is to save the world, and that admits no compromise.
As for which “nation state” was responsible for the attack, Kaspersky stated that they don’t attribute attacks and have filed statements with various law enforcement agencies to assist them in their criminal investigations.
Source: Kaspersky Lab