Multiple AV Company Breaches

Source code from, and network access to, three US-based antivirus companies are up for sale. Fxmsp, a criminal hacking organization with a reputation for breaching companies and then selling the access, is reportedly behind these attacks. The group has been identified as selling access to corporate networks worldwide, including a global breach of a luxury hotel group, potentially tied to the Marriott/Starwood breach revealed last November.

Commentary: This event highlights how the ecosystem of cyber-crime is evolving, and how the arguments from management that “they are not a target” are baseless. Any company with any IT can be monetized by criminals: by stealing and selling its information, by blackmailing it through disruption of its operations, by using its servers and PCs to mine cryptocurrency or to support the illegal activities of others (spamming, malware distribution, etc.), or by leveraging the access it has to other companies to carry out downstream attacks.

Likely Threat(s): Criminals (Fxmsp)
Likely Motive(s): Theft, Espionage?
Likely Means: Credential Theft?, Misconfigurations?
Opportunities: Secure Configurations?, Phishing Protections?

