Hackers Breached 3 US Antivirus Companies

Status
Not open for further replies.
ForgottenSeer 58943

Clearly lateral movement within these networks was not guarded. That's actually incredibly lame for security computers... Also, many (including myself) have advocated here a form of security through obscurity.

Often it isn't wise to use what everyone else, or even a significant portion of people, uses, especially if that usage places you in the company of targets, that is, a product many targeted people (for whatever reason) would themselves use, as that fact would increase the threat surface of the product and everyone using it. If you think AV companies can contain their code and maintain secrecy and safety, you are wrong. Not even Kaspersky can do that, as we found out in a series of breaches of them as well.

So using an AV that 'nobody cares about' is probably not a bad idea. Using no AV at all and relying on locking down Windows, SRP, Anti-EXE and other things is probably an even better idea. But if you insist on using an AV perhaps it is wise to consider one of the less popular ones.

Emsisoft is divergent in that their distributed company format could potentially give it greater security and privacy if they conduct it with efficient and serious protections. But if they aren't diligent that distributed environment could expose them to ancillary breaches.

Trend, Symantec and McAfee are largely rendered irrelevant now. This theft appears extensive. They'd have to re-engineer their entire product line to overcome such a wide-ranging theft if the reports are accurate. As a result, I would immediately cease usage of all three products. Also keep in mind, if you use a router with Trend Micro, that could also be a problem, as it shares code from the desktop versions in how it manages web filtration. I'd expect that as more leaks unfold, the detection level of exploits of these products escalates accordingly.

PS: SIGNIFICANT portions of US Govt., Infrastructure and Military use the above three products.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
So using an AV that 'nobody cares about' is probably not a bad idea. Using no AV at all and relying on locking down Windows, SRP, Anti-EXE and other things is probably an even better idea. But if you insist on using an AV perhaps it is wise to consider one of the less popular ones.

Amen to this. We are fortunate to have info and access to such a variety of choices here on MT.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Clearly lateral movement within these networks was not guarded. That's actually incredibly lame for security computers... Also, many (including myself) have advocated here a form of security through obscurity.

Often it isn't wise to use what everyone else, or even a significant portion of people, uses, especially if that usage places you in the company of targets, that is, a product many targeted people (for whatever reason) would themselves use, as that fact would increase the threat surface of the product and everyone using it. If you think AV companies can contain their code and maintain secrecy and safety, you are wrong. Not even Kaspersky can do that, as we found out in a series of breaches of them as well.

So using an AV that 'nobody cares about' is probably not a bad idea. Using no AV at all and relying on locking down Windows, SRP, Anti-EXE and other things is probably an even better idea. But if you insist on using an AV perhaps it is wise to consider one of the less popular ones.

Emsisoft is divergent in that their distributed company format could potentially give it greater security and privacy if they conduct it with efficient and serious protections. But if they aren't diligent that distributed environment could expose them to ancillary breaches.

Trend, Symantec and McAfee are largely rendered irrelevant now. This theft appears extensive. They'd have to re-engineer their entire product line to overcome such a wide-ranging theft if the reports are accurate. As a result, I would immediately cease usage of all three products. Also keep in mind, if you use a router with Trend Micro, that could also be a problem, as it shares code from the desktop versions in how it manages web filtration. I'd expect that as more leaks unfold, the detection level of exploits of these products escalates accordingly.

PS: SIGNIFICANT portions of US Govt., Infrastructure and Military use the above three products.

Maybe this will be the reasoning I can use to trade our ASUS in for a Gryphon router.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
This is so embarrassing for Norton/Symantec from a TV watcher's standpoint, even if it was proved false after the fact. I watched the news recently, and after a show went off the air, Norton with LifeLock had a full 30-minute infomercial on identity theft and how this system, for a fee of course, will safeguard you from all kinds of dastardly stuff regarding your credit. Did Symantec not initially deny this allegation? Maybe most people won't make the connection between Norton and Symantec, especially not its LifeLock customers, ya think? Wow.

Plenty of commercials on LifeLock w/Norton on YouTube and other video sites. Apparently, subscriptions went up especially after the Equifax breach.
 

Lightning_Brian

Level 15
Verified
Top Poster
Content Creator
Sep 1, 2017
742
Grave news if it does come out to be true that Norton/Symantec is part of the bunch.... If so...ehhhh yeah Norton/Symantec will be coming off my personal systems ASAP for a while until I believe things are fixed. This may force me into the Bitdefender camp quite fast if this is the case here. Luckily, I have a system like Fort Knox here; however, I feel sad for folks who may not know about what is going on or fully understand.

Not extremely abnormal to see commercials for Norton/Symantec this time of year, @plat1098! However, one does wonder based on recent happenings.... It's to be determined (TBD) yet what has all happened.

We live in a sad world. Thankfully, we have great folks here on MT to help make this world a better place!

I'm a bit on the edge of my seat about Norton/Symantec..... For now I'll be sticking with Norton/Symantec on my personal computers, but if things continue going where I think they are going, off to Bitdefender I will roll and not look back to Norton/Symantec for some time. Depends largely on how things shake out. Who knows, maybe these folks hit a "honeypot" and are reporting it as "true" just to protect everyone. Y'all know the stories of having a good "honeypot" for hackers to go after. Gotta' have one [errr in their case many] of 'em.

Stay frosty!

~Brian
 

Lightning_Brian

Level 15
Verified
Top Poster
Content Creator
Sep 1, 2017
742
Imagine if you were using Trend. That BleepingComputer piece is pretty concerning if those chat logs are real.

Yeah, it would be rocky times at Trend, I do say, @blackice ... I fully agree. Not good by any means. If those chat logs are true and can be verified one way or another, the folks at Trend gotta be shaking in their boots, per se..

Any company that has been subject to this type of stuff would be shaking in their boots really. Honeypot theory or no honeypot theory - not good!

What is a honeypot in security lingo? Do a small Dr. Google search and anyone can find out. Needless to say, if these folks got the actual stuff then all bets are off on what may happen. Sad day 'n' age we live in. I hope things shake out ok for the companies - all companies - involved.

~Brian

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Yeah, it would be rocky times at Trend, I do say, @blackice ... I fully agree. Not good by any means. If those chat logs are true and can be verified one way or another, the folks at Trend gotta be shaking in their boots, per se..

Any company that has been subject to this type of stuff would be shaking in their boots really. Honeypot theory or no honeypot theory - not good!

What is a honeypot in security lingo? Do a small Dr. Google search and anyone can find out. Needless to say, if these folks got the actual stuff then all bets are off on what may happen. Sad day 'n' age we live in. I hope things shake out ok for the companies - all companies - involved.

~Brian

I’m familiar with honeypots. But if they play a game of obfuscation on what really happened it’ll make a lot of customers feel burned. I don’t know if any business would agree to that. Not to mention Symantec having a high profile employee step down within a day.
 

Lightning_Brian

Level 15
Verified
Top Poster
Content Creator
Sep 1, 2017
742
I’m familiar with honeypots. But if they play a game of obfuscation on what really happened it’ll make a lot of customers feel burned. I don’t know if any business would agree to that. Not to mention Symantec having a high profile employee step down within a day.

Oh honeypots wasn't directed to you but just in general for folks. No worries.

Yeah, something fishy is goin' on, that's for sure. I don't believe for one second that it's just really coincidence that those folks are stepping down at this point in time.. If it is coincidence then very bad coincidence it is indeed.. Obfuscation... no good comes from obfuscation.. You are right!

A lot of folks will feel burned for sure. Great points @blackice !

~Brian
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Maybe most people won't make the connection between Norton and Symantec, especially not its LifeLock customers, ya think? Wow.

Yes, most will either make no connection or will not hear about this because it's just one of too many other bad news stories on an average day. Only IT people, security forum nerds, Wall St. financiers and a few other newshounds will give a hoot about it. The news cycles are too big, complex and fast moving, so this story will be yesterday's news fast for the billions of people the world over.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Oh honeypots wasn't directed to you but just in general for folks. No worries.

Yeah, something fishy is goin' on, that's for sure. I don't believe for one second that it's just really coincidence that those folks are stepping down at this point in time.. If it is coincidence then very bad coincidence it is indeed.. Obfuscation... no good comes from obfuscation.. You are right!

A lot of folks will feel burned for sure. Great points @blackice !

~Brian

No worries, misunderstood you. I would hope it was a honeypot operation, or a big sham by this Advanced Intel company that came out of nowhere with this huge investigation. Unfortunately, signs point to it being real. Here’s hoping in a few weeks we all laugh because they say it was a honeypot operation. Not counting on it though.

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
My KIS seems affected, as my wallpaper changed this morning? Should I be worried?
 

Attachment: Putin.png (3.4 MB)

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Symantec
"Symantec is aware of recent claims that a number of US-based antivirus companies have been breached. We have been in contact with researchers at AdvIntel, who confirmed that Symantec (Norton) has not been impacted. We do not believe there is reason for our customers to be concerned."
A statement we received from AdvIntel agrees with Symantec's comment, noting that more proof was required in order to conclude that an unauthorized entity was indeed present on Symantec's network.
Trend Micro
"We have an active investigation underway related to recent claims, and while it is not complete, we want to transparently share what we have learned. Working closely with law enforcement, our global threat research and forensic teams are leading this investigation. At this moment, we are aware that unauthorized access had been made to a single testing lab network by a third party and some low-risk debugging related information was obtained. We are nearing the end of our investigation and at this time we have seen no indication that any customer data nor source code were accessed or exfiltrated. Immediate action was taken to quarantine the lab and additionally secure all corresponding environments. Due to the active nature of the investigation, we are not in a position to share any additional information, but we will provide an update when additional insights become available and can be disclosed."
According to Boguslavskiy, Trend Micro's statement is incorrect.
McAfee
"McAfee is aware of this threat claim targeting the industry. We’ve taken necessary steps to monitor for and investigate it."

alakazam

Level 9
Verified
Mar 25, 2014
398
So using an AV that 'nobody cares about' is probably not a bad idea. Using no AV at all and relying on locking down Windows, SRP, Anti-EXE and other things is probably an even better idea. But if you insist on using an AV perhaps it is wise to consider one of the less popular ones.
So which ones are not popular? Nano? Dr. Web? K7 Computing? ZoneAlarm?

Thirio

Level 3
Verified
Well-known
Mar 3, 2017
126
An AV which is not being actively tested on AV-C or AV-TEST would be a start in finding the less popular ones. That seems a bit extreme, though, and instead of suffering from privacy and data leaks you will just get worse protection in exchange. Stick to EU-based companies and you will be better off. Or, even better, lock down Windows with a backup plan, anti-exe and sandbox instead of relying on software which introduces new vulnerabilities every other month.
