Krebs on Security recently reported on the suppression of a particularly insidious breach at Altair Technologies, but an even bigger story may be the impressive efficiency of this attack. Jeff Hill, Director, Product Management at Prevalent, Inc commented below.
Jeff Hill, Director, Product Management at Prevalent, Inc:
“Ironically, Altair’s awkward attempt to cover up or otherwise downplay the significance of their breach successfully masks both the serious nature of the episode, and the brilliance of this attack vector. The attackers successfully penetrated a single organization, and then navigated to the update server, an ingenious technique to propagate malware to dozens of high-profile organizations while barely lifting a finger.
But perhaps the shrewdest element of this incident is the obscurity of the chosen target. How many organizations – even the most security-conscious with robust vendor risk management programs – would subject a small Windows log parsing utility vendor to meaningful scrutiny? Flying under the radar works for military pilots, and, as the Altair breach illustrates, for cyber criminals as well.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
“First of all, it should be praised that Ferrari have…
These findings aren’t very surprising given that unpatched zero-days provide…
These figures from Mandiant highlight how attackers are continuing to…
Just one week after the Zoll Medical data breach that…
Independent Living Systems (ILS), a Miami-based healthcare software firm providing…