When the People Who Protect Us Get Hacked
In order to gain a wider perspective on the world of Cybersecurity, I’ve decided to periodically ask guests to contribute to the CISO Update. This month’s Update is written by Patty Krakow, who works with me in IT and is the thought leader behind much of our Cyber Awareness and Training activity. She and I both thought that this story was worth sharing:
This week many information security news sources have released stories about the known cybercrime group “Fxmsp”. This elite group of Russian hackers claims to have infiltrated the networks of three or four undisclosed US-based antivirus companies and stolen their source code, which is basically the “recipe” for the software. The group is offering to sell the stolen code back to the owners, or threatening to sell it to the highest bidder.
Should we take this threat seriously? Well, according to IT security experts, Fxmsp is a credible threat actor that has already earned roughly $1,000,000 by hacking corporate networks around the globe. In this case, the data they are holding hostage appears to be information about the antivirus companies’ development, artificial intelligence model, web security software, and antivirus software base code, all of which they are offering up for sale for $300,000.
Why should you care?
To understand why this threat is as serious as IT security experts claim, you need to understand a little bit about how antivirus software works. Antivirus software detects, blocks, and removes malicious software from your computer. It does this in two ways: First, it looks at any file (picture, worksheet, document, etc.) that you download and compares it to a very, very long list of malicious files. (According to CNN, almost a million new viruses are released daily.) Second, because new viruses get developed so quickly, it examines the characteristics of each file to see if it resembles malware. This process, commonly known as “if it walks like a duck”, is more properly called “heuristics”.
This heuristic method of scanning for previously unknown threats is very complex and is akin to building a strong immune system in your body. Simply put, if the bad guys know how we are defending against the viruses they create, they can write even more malicious code to circumvent or override our well-developed defense mechanisms. That’s why the theft of this antivirus code is so dangerous.
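To make the two checks described above concrete, here is a small illustrative scanner in Python. It is an added example, not code from any antivirus product: the sample “files” are harmless made-up byte strings, and the traits, weights and threshold are assumptions chosen for the demonstration.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-ins for files; none of this is real malware.
KNOWN_BAD = b"MZ" + b"VirtualAllocEx WriteProcessMemory CreateRemoteThread" + b"\x00" * 8
VARIANT = KNOWN_BAD + b"\x01"   # same traits, one byte added, so the hash changes
BENIGN = b"Quarterly budget worksheet: rows of ordinary text and numbers."

# Check 1, the "very long list": hashes of files already known to be malicious.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Check 2, heuristics: traits that make a file "walk like a duck".
# Weights and threshold are hypothetical values for this demo.
SUSPICIOUS_STRINGS = {b"VirtualAllocEx": 2, b"WriteProcessMemory": 2,
                      b"CreateRemoteThread": 3}
THRESHOLD = 5

def entropy(data):
    """Shannon entropy in bits per byte (8.0 would be fully random)."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def heuristic_score(name, data):
    """Add up points for each suspicious trait the file shows."""
    score = sum(w for s, w in SUSPICIOUS_STRINGS.items() if s in data)
    if data.startswith(b"MZ") and not name.lower().endswith((".exe", ".dll")):
        score += 3   # program header behind a document-style file name
    if data and entropy(data) > 7.5:
        score += 2   # near-random bytes often mean packed or encrypted content
    return score

def scan(name, data):
    """Run the list lookup first, then fall back to heuristics."""
    if hashlib.sha256(data).hexdigest() in SIGNATURES:
        return "blocked: known signature"
    if heuristic_score(name, data) >= THRESHOLD:
        return "blocked: heuristic"
    return "clean"

if __name__ == "__main__":
    for name, data in [("invoice.pdf", KNOWN_BAD), ("invoice.pdf", VARIANT),
                       ("budget.xlsx", BENIGN)]:
        print(f"{name:12} -> {scan(name, data)}")
```

The slightly altered file no longer matches the list, and only the heuristic check stops it, which is why the rules behind that check are worth protecting.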
For these well-established cybercriminals, seeing their work and name in the news is a victory, and finding victims who will pay large ransoms is a huge victory. So, they target big name organizations and they even target the very companies that are meant to defend against these threats. Stay aware and stay cybersafe!
About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.
-Walter Kerner
Assistant Vice-President and Chief Information Security Officer