Hackers hijack Bit9 to target its customers with malware

Share this article:

Hackers have breached the security company Bit9 and accessed its code-signing certificates, enabling intruders to digitally sign malware to appear as legitimate files, the vendor announced Friday.

Bit9, based in Waltham, Mass., is a provider of technology that enables its approximately 1,000 global customers, which includes Fortune 500 companies and government agencies, to create a "whitelist" of approved software, while everything else is blocked. The solution typically is viewed as an alternative to traditional anti-virus.

But, according to a blog post Friday from Bit9 CEO Patrick Morley, miscreants were able to turn Bit9's secret sauce against them by getting a hold of the vendor's digital signatures and then delivering malware to a handful of customers that appeared to be on their trusted list of software. Security blogger Brian Krebs was the first to report the story.

In other words, the hackers' goal was to compromise Bit9 so they could then break into the ultimate target organization's network without being detected.

Three unnamed customers were affected, Morley said. As a result of the breach, Bit9 has revoked the compromised certificate, secured its systems and updated its product so that it will detect a similar misuse in the future.

Morley blamed the breach on an operational breakdown.

"Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network," the post said. "As a result, a malicious third-party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware.

It's unclear how the intruders initially gained access to Bit9 systems.

"We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9," Morley wrote.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.