Top Russian Hacking Group Breaches Three AV Companies

Written by

A report published today by Advanced Intelligence revealed that three US-based antivirus software vendors have been breached, and a high-profile collective of Russian hackers is claiming responsibility.

Using a credential-stuffing botnet, the known international cybercrime group has reportedly stolen more than 30 terabytes of data from the networks of three U.S.-based antivirus firms. Advanced Intelligence research disclosed that “Fxmsp,” a collective of hackers who speak both Russian and English, has also advertised that access to both the source code and networks of three US-based antivirus software vendors can be purchased for $300,000. The hackers have also providing evidence to validate their claims.

“Cyber-attackers long ago discovered that the easiest way to gain access to sensitive data is via weak, default or otherwise compromised credentials,” said Dr. Torsten George, cybersecurity evangelist at Centrify.

“The reality is that guessing passwords is easier than going up against technology. In fact, a recent Centrify study found that privileged credential abuse is involved in almost three out of every four breaches. Privileged account access provides cyber adversaries with the keys to the kingdom and a perfect camouflage for their data exfiltration efforts.

“It’s well past time to adopt a zero-trust approach, powered by additional security measures such as multifactor authentication (MFA) and privilege elevation, to stay ahead of the security curve. MFA is the lowest-hanging fruit for protecting against compromised credentials.”

The news evidences the reality that no organization is impervious to an attack. “Even security companies aren’t immune from breaches,” said Tim Erlin, VP, product management and strategy at Tripwire.

“They certainly have sensitive data to protect. They may not be targeted as often because the data they have is harder to monetize. Source code for any security product, antivirus included, is valuable to attackers working on ways to circumvent controls or avoid detection. If an attacker knows the internals of how security tools work, they can build exploits to avoid them more easily.”

What’s hot on Infosecurity Magazine?