News

Cybercriminal stolen data from 3 Major US antivirus developers

Cybercriminal band of the allegedly Russian origin put up for sale information that was stolen from three American antivirus software producers.

The case is linked to Exmsp band that for a long time specializes of sales of original corporate data. As reports IT-company Advanced Intelligence (AdvIntel), criminals earned with their illegal business about $1 million.

Fmsp exists since 2017 and is well-known on cybercriminal forums. According to Advltel, band includes Russian – and English – speaking hackers. Main aim of cybercriminals are governmental institutions around the world as they steal from them confidential information. Sales of stolen data performed through the network of reliable intermediaries.

As a rule, Exmsp invades in corporate networks though available from the outside RDP servers and unprotected active directories. In addition, cybercriminals created botnet that is fishing credentials from victims.

In March 2019, Exmsp reported that they got the data of three US cybersecurity solutions producers, including initial codes of antivirus products, artificial intelligence and security plugins. For access to corporate networks and stolen information band extorts $300 000.

“If what they’re offering is the real deal, then this is pretty much a worst-case scenario for the three firms that were compromised. Access to the source code allows hackers the opportunity to locate showstopping vulnerabilities and exploit them, rendering the software useless… or worse. They could even turn what was once legitimate protection from malware into an incredibly effective spying tool”, — considers Forbes analyst Lee Mathews.

Cybercriminals do not disclose names of compromised companies, though provide screenshots for their identification. Fxmsp also offers “screenshots of folders with 30 Terabytes of data that was allegedly extracted from corporate networks”. Folders contain documents on development of artificial intelligence, solutions for Internet security and codes of antivirus products.

Fxmsp revealed the stolen source code stored in the debug information.

Antivirus software suggests work with deep network penetration. The hope is that one of cybersecurity business leaders would fork out $300 000 to save these 30 Tb of stolen information, otherwise computers all over the world are endangered.

Recommendations & Possible Mitigation from Advintel

Monitoring and reviewing the network perimeter for any externally-exposed Remote Desktop Protocol (RDP) servers and Active Directory (AD) might reduce exposure to the known two initial attack vectors.

Employing robust patching and security hygiene, as well as monitoring for spearphishing email messages might assist with identifying early warnings linked to the Fxmsp’s newer attack vector environment.

Segregating and protecting sensitive source code development environments from access to the main network might thwart attempts to exfiltrate intellectual property from the network.

Source: https://www.advanced-intel.com

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Pbmsoultions.com Pop-up Ads

About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove Prizestash.com Pop-up Ads

About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…

1 day ago

Remove Verifiedbreaking.com Pop-up Ads

About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…

1 day ago

Remove Themoneyminutes.com Pop-up Ads

About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove News-xcidizi.com Pop-up Ads

About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…

1 day ago

Remove Everytraffic-flow.com Pop-up Ads

About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…

1 day ago