Security Firm Hacked

Monday, February 11, 2013 @ 02:02 PM gHale


Bit9, a security firm that provides software reputation, application control and whitelisting services suffered a breach that left three of its customers infected with malware.

“Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network. As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware,” said Bit9 Chief Executive Patrick Morley.

RELATED STORIES
New Attacks from ‘Gameover’ Gang
Changeup Worm Growing
New Malware Targets Databases
Fake Certificates for Police Trojans

“There is no indication that this was the result of an issue with our product. Our investigation also shows that our product was not compromised. We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9,” he said.

The company reacted by revoking the affected certificate, making sure Bit9 is on all of its physical and virtual machines, and will be issuing a patch for its software that will automatically detect and stop the execution of any malware that illegitimately uses the compromised certificate.

This attack is similar to the one RSA suffered in March 2011, when the attackers were after information that would allow them to break the protection the company’s SecurID tokens.



Leave a Reply

You must be logged in to post a comment.