Advanced Intelligence, LLC recently released a report on a hacking group known as FXMSP. The group claims to have breached three separate US-based antivirus firms. These breaches appear to be extensive, as FXMSP was able to uncover source code and the methodologies behind how these three companies’ antivirus products work. In an ironic twist, it appears that FXMSP was able to carry out these breaches using credential theft and insecure remote desktop access, not malware.
This breach highlights the need for a multi-tiered security approach. Just having an antivirus solution in place and calling the network secure doesn’t work anymore. While antivirus solutions are a critical component, they should be backed up by system patching, proper perimeter control, and advanced security event monitoring. A sophisticated attack was not required for FXMSP to compromise these companies. All they needed was a few credentials and some open firewall ports to successfully breach these antivirus firms.
Symplexity is monitoring for any developments and will be in contact with our Symplexity Secure customers if any further action is needed.