When cybersecurity firms fall victim to cyber attacks

Nothing is more ironic than a security provider getting hacked. Here’s a look at some of the big guns in the cybersecurity space that were left red-faced following breaches at their own organizations.

The big RSA hack

Early 2011 witnessed cybersecurity giant RSA Security brought to its knees by a sophisticated data breach, potentially compromising computer security products widely used by corporations and governments.

The question that really got enterprises in a tizzy was how hackers managed to infiltrate one of the top cybersecurity companies in the world.

The frenzied whodunit that followed the attack revealed that the RSA breach resulted from attackers sending phishing e-mails with the subject line “2011 Recruitment Plan” to two groups of employees. One group found it interesting enough to retrieve one of these messages from the junk folder and open the attached Excel file.

That Excel file contained malware that used a zero-day flaw in Adobe’s Flash software to install a backdoor into the company’s systems.

Kaspersky struck by Trojan

In June 2015, Eugene Kaspersky, the founder of Kaspersky Labs, revealed that the cyber thugs who targeted the security major were interested in spying on Kaspersky’s technology and its cybersecurity know-how.

He added that the attack was “a generation ahead of anything he had ever seen”. The attackers had managed to access some key information files, but the lost data was “in no way critical to operations.”

Kaspersky attributed the attack to a Trojan named Duqu, which sent shockwaves across the IT realm back in 2011, following attacks on India, France, and Iran.

The company added that the malware was spread using Microsoft installer files, which are commonly used by IT staff to install programs on remote desktops.

When hackers netted Barracuda

In 2011, Barracuda Networks published a report that disclosed that 73 percent of organizations had been hacked at least once in the last two years. A couple of months later, Malaysian hackers breached the company.

Barracuda Networks confirmed that hackers had used a relatively simple technique to access an internal database via its website. Although the stored passwords were hashed, the hashing algorithm used was MD5, which is considered flawed and outdated.

The Barracuda attack also uncovered the e-mail addresses of its employees along with their passwords.

BitDefender fails to defend itself

The first thing that strikes you is the scale of the attack on BitDefender.

400 million customer accounts were compromised following the breach in July 2015.

The bad guys, Detox Ransome in this case, encrypted the data and sought a ransom from BitDefender. The company refused to pay, and details of several customers were leaked online.

Detox Ransome, the notorious hacking group from the dark side of the web, was also held responsible for stealing the Democratic National Committee database in 2015.

FireEye caught in the storm

Kristian Erik Hermansen, a security researcher, blew the lid off cybersecurity behemoth FireEye’s internal vulnerabilities.

Hermansen claimed he had discovered at least four flaws within FireEye’s core security – revealing details of one and offering the other three for sale to the highest bidder.

A vulnerability he disclosed was one that he had been “sitting on for more than 18 months with no fix from security ‘experts’ at FireEye.”

When LastPass failed

Jam slice falls jam side down. A centralized password database is the Holy Grail for most hackers, and the attack in 2015 saw hackers gain access to the company’s repository.

LastPass, though, said that master passwords were not exposed, since the company never had access to this information. Customers’ user names, passwords, and secure notes were not compromised as the hackers failed to get access to the encrypted vaults.

Cyberoam lost this one

The tail end of 2015 saw Indian cybersecurity provider Cyberoam hit with a cyber-attack that might have resulted in a leak of its database that contained customer and partner information.

The information consisted of customer names, telephone numbers, email addresses, and basically everything that could give customers the jitters.

It was reported that a hacker on the dark web was willing to sell the database for 100 bitcoins, worth roughly Rs 49 Lakh.