Advanced Intelligence (AdvIntel) has published a report revealing that three US-based antivirus software vendors have been breached, and a high-profile collective of Russian hackers is claiming responsibility. Fxmsp is a hacking collective that has operated in various top-tier Russian- and English-speaking underground communities since 2017 and is known for targeting corporate and government networks worldwide.
Cyber attacks pose a serious threat to the shipping industry: numerous incidents have forced major organisations and companies to halt operations, leading to lengthy and expensive efforts to restore operations and recover private data.
Incidents during 2018 highlighted the effects such attacks have on the shipping sector, among them the attack suffered by COSCO and the attack on the port of San Diego, which disrupted the port’s information technology systems.
Although antivirus products are widely relied upon to protect companies and organisations from cyber threats, Fxmsp, which has established a network of trusted proxy resellers to promote its breaches on the criminal underground, announced that it had extracted sensitive source code from antivirus software, AI models and security plugins, and that attacking antivirus companies is now one of its priorities.
Fxmsp also commented on the capabilities of the different companies’ software and assessed their effectiveness.
In addition, Fxmsp stated that its goal is now to steal information from secured systems.
On April 24, 2019, Fxmsp claimed to have secured access to three leading antivirus companies. According to the collective, it worked throughout the first quarter of 2019 to breach these companies and finally succeeded in obtaining access to their internal networks.
The collective provided a list of specific indicators through which it is possible to identify each company even when the seller does not disclose its name. Fxmsp offered screenshots of folders purported to contain 30 terabytes of data allegedly extracted from these networks. The folders appear to contain the companies’ development documentation, artificial intelligence models, web security software and antivirus base code.
Fxmsp’s focus on antivirus companies is deliberate: antivirus breach research has been its main project over the last six months, a period that coincides with the six months during which the group was silent on the underground forums where it normally posts. That period began with its apparent disappearance in October 2018 and ended with its return in April 2019.
Therefore, Advanced Intelligence recommends:
- Monitoring and reviewing the network perimeter for any externally exposed Remote Desktop Protocol (RDP) servers and Active Directory (AD) services, which may reduce exposure to the group’s two known initial attack vectors.
- Maintaining robust patching and security hygiene, and monitoring for spearphishing email messages, which may help identify early warnings linked to Fxmsp’s newer attack vectors.
- Segregating sensitive source code development environments from the main network and protecting access to them, which may thwart attempts to exfiltrate intellectual property.
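The first recommendation is a check that can be automated against a firewall or cloud security-group export. The following script is an added example, not code from AdvIntel or from this article: it audits a constructed list of inbound rules and flags any rule that lets RDP or Active Directory ports be reached from outside an assumed internal address space. The port-to-service mapping, the internal ranges, the `Rule` record format and the sample rules are all assumptions made for illustration; narrow external allow-lists (for example a partner’s /24) are reported as well, since they are still perimeter exposure.

```python
"""Audit inbound firewall / security-group rules for RDP and Active Directory
ports reachable from outside the internal address space.

Added example, not from the AdvIntel report or the article. The port list,
the internal ranges, the Rule format and SAMPLE_RULES are assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Assumed mapping of the ports behind the two initial access vectors named in
# the recommendations: RDP, and the usual AD-facing services (Kerberos, RPC
# endpoint mapper, LDAP/LDAPS, SMB, Global Catalog).
SENSITIVE_PORTS = {
    3389: "RDP",
    88: "AD (Kerberos)",
    135: "AD (RPC endpoint mapper)",
    389: "AD (LDAP)",
    445: "AD (SMB)",
    636: "AD (LDAPS)",
    3268: "AD (Global Catalog)",
    3269: "AD (Global Catalog TLS)",
}

# Assumed internal address space. A source CIDR that is not wholly inside one
# of these ranges is treated as externally reachable, including narrow
# partner allow-lists, which are still perimeter exposure.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128",
)]


@dataclass(frozen=True)
class Rule:
    """One inbound allow rule, as it would appear in a security-group export."""
    name: str
    protocol: str   # "tcp", "udp" or "any"; ports are checked regardless
    port_from: int  # inclusive start of the allowed port range
    port_to: int    # inclusive end of the allowed port range
    source: str     # CIDR the rule accepts traffic from


def source_is_external(cidr: str) -> bool:
    """True unless the CIDR lies entirely within an internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == r.version and net.subnet_of(r)
                   for r in INTERNAL_RANGES)


def exposed_ports(rule: Rule) -> list:
    """Sensitive ports that fall inside the rule's port range, ascending."""
    if rule.port_from > rule.port_to:
        raise ValueError(f"{rule.name}: inverted port range")
    return [p for p in sorted(SENSITIVE_PORTS)
            if rule.port_from <= p <= rule.port_to]


def audit_rules(rules) -> list:
    """Return (rule name, service, port, source) for every exposed sensitive port."""
    findings = []
    for rule in rules:
        if not source_is_external(rule.source):
            continue
        for port in exposed_ports(rule):
            findings.append((rule.name, SENSITIVE_PORTS[port], port, rule.source))
    return findings


# Constructed sample rules (not real configuration). Two are deliberately
# wide open, one exposes SMB to a partner range, the rest are acceptable.
SAMPLE_RULES = [
    Rule("allow-rdp-anywhere", "tcp", 3389, 3389, "0.0.0.0/0"),
    Rule("allow-ldap-from-vpn", "tcp", 389, 389, "10.0.0.0/8"),
    Rule("allow-smb-partner", "tcp", 440, 450, "203.0.113.0/24"),
    Rule("allow-https", "tcp", 443, 443, "0.0.0.0/0"),
    Rule("allow-kerberos-udp", "udp", 88, 88, "0.0.0.0/0"),
    Rule("allow-ipv6-mgmt", "tcp", 3389, 3389, "fd00::/8"),
]

if __name__ == "__main__":
    for name, service, port, source in audit_rules(SAMPLE_RULES):
        print(f"{name}: {service} port {port} reachable from {source}")
```

Run against a real export, the loader that builds `Rule` objects from the firewall or cloud API output is the only part that changes; the decision logic stays the same. A rule such as `allow-smb-partner` above shows why range checks matter: a range of 440 to 450 that was intended for some other service silently includes SMB on 445.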