Bit9 Breach Beginning in July 2012
According to evidence gathered by the security experts investigating the incident, the attackers who broke into the security firm Bit9 first breached the company's defenses in July 2012, as per a statement published by Krebsonsecurity.com on February 20, 2013.
Though Bit9 seems reluctant to name the customers affected by the intrusion, the custom-made malicious software used in last year's attack was highly targeted at US defense contractors.
According to Harry Sverdlove, Chief Technology Officer at Bit9, the attackers most likely leveraged an SQL injection vulnerability in the company's public website at that time, as per softpedia.com on February 26, 2013.
The affected machine accessed by the cyber criminals was taken offline in late July 2012 and stayed offline until December 2012, which is why the security firm was unable to detect the intrusion until January 2013, when the system was brought back online.
After gaining access to the code-signing certificate, the attackers used it to sign a total of 32 files, including variants of the HomeUnix and HiKit backdoors. As its investigation expanded, Bit9 discovered that the hackers had planted the malware on other sites, staging a drive-by-download attack.
That attack would then target users running old versions of Oracle's Java software.
As the investigation is still ongoing, Sverdlove said the company would share more information when the time is right. He further explained that it would not share any information that would compromise customers' privacy or violate their confidentiality, as per news published by scmagazineuk.com on February 21, 2013.
According to him, as members of the broader security community, it is their responsibility to share information to help others protect themselves, raise their level of awareness, and support them in their investigations.
Sverdlove further clarified that they could only speculate, though they believe the attack was part of a larger campaign against a significant but narrow set of companies. He is also hopeful that the evidence will provide more insight, so that the nature of the adversaries can be better understood.
SPAMfighter News - 07-03-2013