Kaspersky on getting hacked

Kaspersky admitted its site was hacked this week, so we exclusively speak to the UK MD to grill him on what went down and what is happening now.

Hacker

EXCLUSIVE: This week IT PRO reported on security firm Kaspersky getting hit by hackers, effectively being beaten at its own game.

The breach, where cyber criminals tried to lure users into downloading fake anti-virus products with a link located on the Kaspersky website, went public without the company making any announcement on it.

Advertisement - Article continues below

Now we have managed to speak with the UK managing director Malcolm Tuck, who said Kaspersky did not feel it needed to publish a public warning as it would not have benefited anyone.

Instead it would only "have caused panic and confusion," Tuck stressed, saying the situation was identified and then rectified "very quickly."

All known affected people have now been contacted and Kaspersky is continuing to offer advice and support.

As noted in the previous report, the redirection to the fake anti-virus lasted three and a half hours and as soon as it was notified, the security firm took the affected server offline within ten minutes.

Tuck admitted that at the current time the impact of the attack is unknown, but Kaspersky is optimistic not many were affected.

"We are confident that the speed with which the situation was

dealt with has limited any impact," he said.

Advertisement
Advertisement - Article continues below

So what about reputation, something many consider to be the most serious impact from a breach?

Advertisement - Article continues below

"Judging by recent trends within the industry, breaches of security, especially when they occur within a security vendor's resources, do not go unnoticed," Tuck said.

"However, we are doing our utmost to contain the impact of the incident and reassure our customers that they are secure and protected."

As for the specifics of the hack, when IT PRO spoke to the Russian company earlier this week, it admitted an attack had exploited a vulnerability in a third party app used for website admin.

The issue affected "a very small number" of Kaspersky customers in the US, Tuck said, claiming no individual's details were compromised from the firm's web servers during the attack.

Tuck was unwilling to divulge any more information due to the fact an investigation is ongoing and until it is completed, we will not learn any more.

"Our researchers are currently working on identifying any possible consequences of the attack for affected users and are available to provide help to remove the fake anti-virus software," he added.

Advertisement - Article continues below

What this case brings up is the question of public disclosure. Kaspersky was evidently very quick to respond to the actual hack and in contacting affected parties, but it was not willing to let the wider community know about the situation. Whether this is the right approach or not is a debate that will no doubt rage on.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/ethical-hacking/355860/developer-scores-100000-bounty-from-apple-for-exposing-a-critical
ethical hacking

Developer scores $100,000 bounty from Apple for exposing a critical vulnerability

1 Jun 2020
Visit/security/hacking/355854/hackers-wreaking-havoc-on-googles-cloud-infrastructure
hacking

Hackers are wreaking havoc on Google’s Cloud infrastructure

1 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/security/phishing/355810/zloader-malware-returns-as-a-coronavirus-phishing-scam
phishing

ZLoader malware returns as a coronavirus phishing scam

27 May 2020

Most Popular

Visit/server-storage/network-attached-storage-nas/355849/western-digital-sneaked-inferior-smr-tech-into
network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020