In an ironic twist of fate, security firm Kaspersky on Wednesday announced that it was hacked.
“The bad news is that we discovered an advanced attack on our own internal networks,” the company’s chairman and CEO, Eugene Kaspersky, wrote in a blog post. “It was complex, stealthy, it exploited several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it. We’ve called it Duqu 2.0.”
Kaspersky said the attackers—believed to be the same group behind 2011’s Stuxnet-like Duqu worm—were mainly interested in spying on its technologies, especially its solutions for discovering and analyzing sophisticated attacks known as Advanced Persistent Threats (APTs). The attackers were looking to find out about Kaspersky’s ongoing investigations into advanced attacks, detection methods, and analysis capabilities.
Apparently, they weren’t all that successful. Kaspersky said that none of its products or services were compromised and that its customers “face no risks whatsoever due to the breach.”
Still, it was one of the most advanced attacks the company has ever seen. The attackers used a number of tricks that made it extremely difficult to detect and neutralize.
“We found something really big here,” Kaspersky wrote. “Indeed, the cost of developing and maintaining such a malicious framework is colossal. The thinking behind it is a generation ahead of anything we’d seen earlier.”
Kaspersky said it was clear the people behind Duqu 2.0 were “fully confident” they’d remain under the radar. The company was able to detect the attack thanks to an alpha version of its Anti-APT solution designed to tackle sophisticated, targeted attacks.
“Attacking us was hardly the smart move: they’ve now lost a very expensive technologically advanced framework they’d been developing for years,” Kaspersky said.
But Kaspersky wasn’t the only target. The attackers behind Duqu 2.0 also spied on several other “prominent targets,” Kaspersky found, including participants in the international negotiations on Iran’s nuclear program and the 70th anniversary event of the liberation of Auschwitz.
Kaspersky didn’t name names, but said it believes the attack was a “nation-state sponsored campaign,” which relied heavily on zero-day flaws and cost around $50 million to maintain—far more than an everyday cyber criminal would be willing to invest. According to a report from The Guardian, the malware is linked to Israel, and was also discovered on the networks of three hotels that recently hosted the Iran nuclear talks.
“Governments attacking IT security companies is simply outrageous,” Kaspersky wrote. “We’re supposed to be on the same side as responsible nations, sharing the common goal of a safe and secure cyberworld.”
For more, check out Kaspersky’s FAQ [PDF] about the attack.
Via PC Mag
Kudos to Kaspersky for coming out into the open regarding the fact that they got hacked. However, this does indirectly prove that if hackers want to get in, they will. The onus is hence up to companies to adopt a posture (and tools) that they “will” get hacked, not “if” they get backed. The trick hence is to be able to quickly detect and rectify the security breach, not find out about it weeks or months later (or never). – Paul Mah, commenting on behalf of IDG and FireEye.