Hackers hijack Bit9 to target its customers with malware

Hackers have breached the security company Bit9 and accessed its code-signing certificates, enabling intruders to digitally sign malware to appear as legitimate files, the vendor announced Friday.

Bit9, based in Waltham, Mass., is a provider of technology that enables its approximately 1,000 global customers, which include Fortune 500 companies and government agencies, to create a "whitelist" of approved software, while everything else is blocked. The solution typically is viewed as an alternative to traditional anti-virus.

But, according to a blog post Friday from Bit9 CEO Patrick Morley, miscreants were able to turn Bit9's secret sauce against it by getting hold of the vendor's digital signatures and then delivering to a handful of customers malware that appeared to be on their trusted list of software. Security blogger Brian Krebs was the first to report the story.

In other words, the hackers' goal was to compromise Bit9 so they could then break into the ultimate target organization's network without being detected.

Three unnamed customers were affected, Morley said. As a result of the breach, Bit9 has revoked the compromised certificate, secured its systems and updated its product so that it will detect a similar misuse in the future.

Morley blamed the breach on an operational breakdown.

"Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network," the post said. "As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware."

It's unclear how the intruders initially gained access to Bit9 systems.

"We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9," Morley wrote.
