A recent Bitdefender hack is the latest incident in a string of cyberattacks against security vendors, indicating an apparent trend of hackers increasingly targeting the very firms charged with ensuring enterprise security.
Bitdefender last month was breached by a hacker who stole unencrypted usernames and passwords; the hacker, going by the pseudonym "DetoxRansome," demanded a $15,000 ransom via Twitter. DetoxRansome later published a list of usernames and passwords for 250 accounts on pastebin Web application Pastee, some of which had .gov domain extensions, indicating government customers were affected. Bitdefender confirmed these accounts were active customers.
Bitdefender stated there was a security issue with a single server that, after a thorough investigation, was blamed on human error. The server was operating with an outdated software package that contained known flaws.
Bitdefender claimed the limited number of exposed usernames and passwords represents less than 1% of its small and medium-sized business (SMB) customer database. Enterprise customers were not affected, according to the company. The data stolen was reportedly unencrypted and in plain text.
In a public statement about the breach, Bitdefender spokesperson Marius Buterchi said: "We immediately launched an investigation and found that a single application was concerned -- a component of the public cloud -- exposing a very limited number of usernames and passwords." The issue was put to rest after security measures were taken to prevent future breaches, according to the company.
Still, DetoxRansome this week threatened on Twitter to release more data from the breach, including 67,000 credit card numbers and corresponding security codes, unless Bitdefender paid the $15,000 ransom within 24 hours. DetoxRansome later tweeted that he would sell the data on the open market for 10 Bitcoins.
The Bitdefender hack is just the latest incident of a security vendor suffering a data breach. Russian antivirus vendor Kaspersky Lab was also breached earlier this year by attackers using the sophisticated Duqu 2.0 malware. Kaspersky said it detected an intrusion on some of its internal systems and, after an investigation, determined an advanced persistent threat group had breached its network to obtain the company's technology secrets. Kaspersky said no customer data was affected in the breach.
Similarly, cloud-based password manager LastPass was recently breached, resulting in exposed customer emails and hashed passwords. Although the encryption measures taken to protect customer passwords were successful, the company advised customers to change their master passwords. It was the second breach for the company since 2011.
Security vendors have become keenly aware that they may have a bigger target on their backs than companies in other vertical industries. Andre Durand, chairman and CEO of Denver-based Ping Identity Corp., said at the recent 2015 Cloud Identity Summit that he's become increasingly concerned about Ping being attacked by hackers and that the company plans to hire a CISO in the next six to 12 months.
Samir Kapuria, vice president and general manager of Cyber Security Services at Symantec, based in Mountain View, Calif., said large enterprises -- regardless of the vertical industry they are in -- are often targeted and attacked. And that's especially true for information security firms like Symantec. "To be in this industry, you're constantly under attack," he said.
Editor's note: Rob Wright contributed to this report.