Hackers hijack Bit9 to target its customers with malware

Hackers have breached the security company Bit9 and accessed its code-signing certificates, enabling intruders to digitally sign malware to appear as legitimate files, the vendor announced Friday.

Bit9, based in Waltham, Mass., is a provider of technology that enables its approximately 1,000 global customers, which include Fortune 500 companies and government agencies, to create a "whitelist" of approved software, while everything else is blocked. The solution typically is viewed as an alternative to traditional anti-virus.

But, according to a blog post Friday from Bit9 CEO Patrick Morley, miscreants were able to turn Bit9's secret sauce against them by getting a hold of the vendor's digital signatures and then delivering malware to a handful of customers that appeared to be on their trusted list of software. Security blogger Brian Krebs was the first to report the story.

In other words, the hackers' goal was to compromise Bit9 so they could then break into the ultimate target organization's network without being detected.

Three unnamed customers were affected, Morley said. As a result of the breach, Bit9 has revoked the compromised certificate, secured its systems and updated its product so that it will detect a similar misuse in the future.

Morley blamed the breach on an operational breakdown.

"Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network," the post said. "As a result, a malicious third-party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware."

It's unclear how the intruders initially gained access to Bit9 systems.

"We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9," Morley wrote.
