Security Vendor Bit9 Hacked To Spread Malware in Customer’s Network!
Bit9 is one of the best security firms that provide “Application Whitelisting” services to its customer. Like antivirus software which identify and quarantine the suspicious and bad objects, Bit9 helps companies to develop custom list of applications that are allowed to run and treat the other applications and potentially unsafe.
But, the current news is that the corporate networks of Bit9 have been violated by cyber attack. According to Bit9 reports, malware has been discovered by customers inside of their own Bit9 protected networks which was digitally signed by encryption keys of Bit9.
Bit9 is a trusted software publisher that secure customer PCs and networks by blocking the applications which are not approved as whitelisted. That means, when it is applied to a machine, this machine will blindly trust and run everything which is signed by Bit9.
According to Bit9 reports, attackers have managed to compromise some parts of Bit9 system that is not protected by company’s own software and after entering to the system, they have stolen the Bit9’s secret code-signing certificates. Bit9 has stated that due to some technical operation they failed to install their product on a handful of computers within their networks. As a result, the attackers were able to gain a temporary access to one of their digital code-signing certificates. Then the attackers have used it to sign malware illegitimately.
“One of the things I’ve stressed to security companies I’ve done work for is that everything they do is based on trust in their brand and product, and that getting hacked is a fundamental attack on that trust structure,” said Eugene Spafford, professor of computer science at Purdue University.
According to a recent press release, Bit9′s global customers come from a wide variety of industries including e-commerce, government, retail, healthcare, financial services, technology and utilities. So, this attack will affect both of the customer networks and the company’s future widely.