Antivirus firm Kaspersky breached sometime last year. Full extent of damage not yet known.

Kaspersky is an antivirus company out of Russia that develops and maintains the Kaspersky antivirus product as well as a number of popular post-infection clean-up tools.  Kaspersky has been in the news a good bit for their research into viruses, malware and various attack / exploit kits.  They are a high-value target: their network was breached at least once several years ago, and it appears that they were hit again sometime last year.

According to this article on Wired, the antivirus company Kaspersky suffered a significant data breach ‘sometime last year’.  As far as they know thus far, the attackers only stole data, but they also indicate that they aren’t 100% sure *what* all was taken.

 

Some important things to take from this:

  • If you’re using Kaspersky antivirus and plan to continue, follow this story.  At this time, it seems that the attackers were simply exfiltrating data but it’s unclear *what* data.  If it was user data (Kaspersky reports more than 400 million users), there could be a spear phishing attack just over the horizon.
  • This is a competent security company but a determined attacker was still able to gain access and remain undetected for a long time.  The importance of vigilance with regard to network / operational security should not be understated if you store any valuable data (PCI-DSS, HIPAA, HR, etc.).
  • At the very least, these attackers know *very well* how Kaspersky software works and how to bypass it completely.