Kaspersky Lab reveals cyberattack on its corporate network

Discussion in 'malware problems & news' started by ronjor, Jun 10, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,775
    Location:
    Texas
    http://www.net-security.org/malware_news.php?id=3054
     
  2. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,096
    Kaspersky reveals 'almost invisible' hacking attack on its systems
    Security company found malware, related to Duqu, when testing a new antivirus tool
    http://www.zdnet.com/article/kaspersky-hit-by-almost-invisible-hacking-attack/
     
    Last edited: Jun 10, 2015
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    http://blog.crysys.hu/2015/06/duqu-2-0/
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,958
    Location:
    U.S.A.
  5. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,016
    It happens to the best secured ones (a.k.a. Kaspersky)... ;)
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    We are lucky it happened to Kaspersky as if it was another security company we would probably still be at Duqu 1.0. ;)
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    I'm sorry but this is a bit painful! I expected better from Kaspersky. On the other hand, it's also a wake up call to never let your guards down. If it can happen to them, it can happen to anyone.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Protecting a computer, vs a network can be two different things. Besides since most of these attacks involve human engineered phishing attacks, people are the same everywhere, vulnerable
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,075
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Yes this is true, I can imagine that it can be quite complicated having to protect every PC and server on the network. I do think that security software can protect against almost all attacks nowadays, but it's still people who need to have the "know how" about how to configure and operate it.
     
  11. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
  12. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,958
    Location:
    U.S.A.
    You're welcome, xxJackxx! Take care.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,075
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
  15. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    Without getting into what type of security they employed on the affected systems and if a properly configured HIPS was one of them, the driver was digitally signed with a valid certificate. Any HIPS that has a modicum of usability in mind will allow it by default.
     
  16. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    If it was "properly configured" digitally signed certificates with or without valid cets wouldn't be auto allowed !
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,075
    You probably meant drivers? I also don't understand why unknown drivers should be allowed to be loaded. It's just like with execution control - allow the one you trust and block all others.
     
  18. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Minimalist

    Well i meant any App or driver, yes.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    This is a feature that you can and should always turn off. Of course, securing all appliances on a network is a lot more complex than securing a single home user PC, I get that. But still, if they are really serious about security, they should have been able to the secure servers and network appliances with a properly configured HIPS/IDS.

    Yes, exactly.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Yes I agree, the concept of securing a system stays the same. Simply don't allow new/untrusted executables and drivers to run, period. That would have prevented this attack. The only new thing about this attack is that it took quite some time to discover it, this means that HIPS and IDS need to be top notch, especially because the used malware was mostly operating from "in-memory".
     
Loading...