Underestimating The Attack Severity In The Krebs Altair Breach Notification Story

Krebs on Security recently reported on the suppression of a particularly insidious breach at Altair Technologies, but an even bigger story may be the impressive efficiency of this attack. Jeff Hill, Director, Product Management at Prevalent, Inc commented below.

Jeff Hill, Director, Product Management at Prevalent, Inc:

jeff-hill“Ironically, Altair’s awkward attempt to cover up or otherwise downplay the significance of their breach successfully masks both the serious nature of the episode, and the brilliance of this attack vector.  The attackers successfully penetrated a single organization, and then navigated to the update server, an ingenious technique to propagate malware to dozens of high-profile organizations while barely lifting a finger.

But perhaps the shrewdest element of this incident is the obscurity of the chosen target.  How many organizations – even the most security-conscious with robust vendor risk management programs – would subject a small Windows log parsing utility vendor to meaningful scrutiny?  Flying under the radar works for military pilots, and, as the Altair breach illustrates, for cyber criminals as well.”

Experts Comments

Stay Tuned! Our Information Security Experts Community is responding .....

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.