Security Firm Finds Attack Signs

Monday, April 9, 2012 @ 01:04 PM gHale


Here is a security company practicing what it preaches, but unfortunately, it found a problem.

Security firm Sophos suffered a security breach and as a result, the company took its partner portal offline and will reset every user’s password because it found signs of a potential breach on the server hosting it.

“Two unauthorized programs were found on the server, and our preliminary investigations indicate that these were designed to allow unauthorized remote access to information,” Sophos said.

The company’s staff found the unauthorized applications during a routine security check April 3, and they immediately took the potentially compromised server offline for further investigation, the company said.

Sophos could not establish whether attackers stole the data stored in the website’s database, which includes partners’ names and business addresses, email addresses, contact details, and hashed passwords. However, it decided to proceed under the assumption that they had.

The website will come back online after the company completes a security audit and remediates the problem. As an additional precaution, the company will forcibly reset all user passwords.

The company advised its partners to also change their passwords on other websites where they might have used them, and to be on alert for potential phishing emails that claim to originate from Sophos.

It’s relatively common for attackers responsible for breaches that result in stolen email addresses to exploit the known business relationship between the affected users and the victim organization through phishing, in an attempt to extract more information.

In situations where the affected organizations are security firms like Sophos, such phishing attacks can have a high rate of success, because of the inherent trust that exists between users and their security vendors.

“We realize that the site’s downtime and the forced password resets may be an overreaction and are sorry for the disruption this will cause, but we would rather cause some inconvenience at this stage than delay as we wait for further information,” the company said.

Only the older partner portal, located at https://gpp.partners.sophos.com, suffered from the issue, Sophos said. Partners that have already moved to its new Salesforce.com-based portal don’t have to worry about the password resets or downtime.


