Last week Bit9, a company that develops and markets a competing product to Faronics Anti-Executable, disclosed that their networks had been breached by a cyberattack. What’s ironic about this breach is that it could have been prevented – by Bit9’s own software. However, in a case of the “cobbler’s kids having the worst shoes” and the “plumber with the leaky pipes”, Bit9 was definitely not eating their own dog food. The breach happened on the computers where Bit9 did not have their own application control software installed.
As part of their application control solution, Bit9 offers digital certificates for software products, which act as a form of verification that the products are clean, free of malware and safe to install on a computer. The hackers were able to steal Bit9’s secret code-signing certificates and used them to sign their own malware and distribute it to Bit9’s customers.
The breach itself is not that massive, as fewer than a handful of customers were affected – this was more a case of operational oversight on the part of Bit9. What’s noteworthy is that:
- The breach was preventable with Bit9’s own software.
- Application control is so effective at hardening targets that cybercriminals are acknowledging the only way to get around it is to try and find a way to compromise it first.
Jeremiah Grossman of WhiteHat Security said that this was certainly a highly targeted attack with a means to an end. “It’s also interesting that they went after Bit9’s certs, and not by trying to exploit vulnerabilities in it. Instead of hacking the Bit9 application or network device, they went after Bit9 directly. That says a lot on its own.”
Unlike the Bit9 solution, Faronics Anti-Executable uses a different approach and does not re-sign software with our own digital certificate. Also, as there are no updates, there is no way for cybercriminals to hijack Faronics infrastructure to infect Faronics Anti-Executable customers with malware.