Hackers hijack Bit9 whitelist in targeted attack


Failed to install its own software.

Hackers have breached security whitelisting company Bit9 and accessed its code-signing certificates, enabling intruders to digitally sign malware to appear as legitimate files.

Bit9 enables about 1000 global customers to create software whitelists, which serve as an alternative to traditional anti-virus.

Chief executive officer Patrick Morley said in a blog post on Friday that hackers turned the company's secret sauce against it by obtaining its digital signatures, then delivering to a handful of customers malware that appeared to be on their trusted list of software.

The goal of the attack was to compromise Bit9 and then break into a target organisation's network without being detected.

Three unnamed customers were affected, Morley said. As a result of the breach, Bit9 has revoked the compromised certificate, secured its systems and updated its product so that it will detect a similar misuse in the future.

Morley blamed the breach on an operational breakdown.

"Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network," the post said.

"As a result, a malicious third-party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware."

It's unclear how the intruders initially gained access to Bit9 systems.

"We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9," Morley wrote.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
