But among all those data breach, internet had missed another biggest one. Yesterday security journalist Brain Krebs had wrote a blog post making a light on a topic that was discussed on RSA security conference, held in San Francisco last week.
The report presented on RSA was of the threat from a malware operation the company dubbed “Kingslayer.” According to RSA, the attackers compromised the Web site of a company that sells software to help Windows system administrators better parse and understand Windows event logs.
The name of the company was not disclosed at conferences but with some of clues, Krebs had got the victim vendor. It was Altair Technologies Ltd, which sells a simple application called EVlogs, that helps to prase Windows Event log in a better way.
Why this is Biggest Security Breached?This is another biggest security breach because, according to RSA, the victims that uses the EVlogs software, included five major defense contractors, four major telecommunications providers, 10+ western military organizations, more than two dozen Fortune 500 companies, 24 banks and financial institutions, and at least 45 higher educational institutions.
“Supply chain exploitation attacks, by their very nature, are stealthy and have the potential to provide the attacker access to their targets for a much longer period than malware delivered by other common means, by evading traditional network analysis and detection tools,” wrote RSA’s Kent Backman and Kevin Stear. “Software supply chain attacks offer considerable ‘bang for the buck’ against otherwise hardened targets. In the case of Kingslayer, this especially rings true because the specific system-administrator-related systems most likely to be infected offer the ideal beachhead and operational staging environment for system exploitation of a large enterprise.”
You all can get a copy of the RSA report available here (PDF).
After the research work of Kent and Kevin along with Krebs, Altair Technologies Ltd had commented saying they are not so popular to gain the media headlines. They said -
"We also don’t expect that a large organization would use EvLog to monitor their servers – it is a very simple tool. We identified the problem within a couple of weeks and imposed several layers of extra security in order prevent this type of problem.”. we don’t keep track on who downloads and tries this software, therefore there is no master list of users to notify. Any anonymous user can download it and install it. - they added.
We like to thanks Brain Krebs for his efforts to bring up this notification. And also appreciate the efforts of Kent and Kevin for this research work. Without them we don't even know about this breach.
Cyber Kendra thanks to all people on this research for there work and great contribution on Security community.