Moscow-based antivirus maker, Kaspersky Lab, has admitted to being hacked by way of malware dubbed Duqu 2.0, a derivative of the infamous Stuxnet malware. The attack is said to have happened over many months in 2014.
Customer data is said to be safe as the attackers were not able to access it. The attackers are said to have focused on Kaspersky's intellectual property and systems information.
Kaspersky is not the first antivirus company to get hacked. Information is still being collected as to how the breach happened. Investigators are looking into the company's Windows PCs - the theory being that the network may have been compromised to uncover how researchers decided which malware to manually examine.
Kaspersky has software that automatically sorts through malware to discern that which needs to be investigated manually by researchers. Figuring the algorithm or the process of elimination used to decide which malware is passed over by the automated sorting system would be invaluable information for creators of malware.
Kaspersky have revealed that while the attackers had several months of access to the network, courtesy of the malware, they dismissed the value of any knowledge acquired, arguing that the information quickly becomes outdated. They also added that the risk of being exposed outweighed any potential information gains.
Duqu 2.0 is known to resides almost exclusively in memory, making it difficult for security software to detect it. Eugene Kaspersky presented an interesting solution to the issue when questioned - "Technically, it's simple: Turn off the power and the system will be clean."
0 comments:
Post a Comment