An internet network security company that once wooed bank’s business has been hacked, and was being used by criminals to help spread malicious software, according to the tech blog KrebsOnSecurity.
Bit9 confirmed the news in a blog post — explaining that “due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network.
“As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware.”
Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known “safe” files from computer viruses and other malicious software.
At one time, Bit9 boasted financial services clients, such Omgeo, Putnam Investments and Thomson Financial. The company was also one of Bank Technology News magazine’s top 10 companies to watch in 2008.
From a @BankTechNews story, in 2008:
Today, the company has an index of over seven billion applications that fall into the “good guy” category. If a user wants to run a new piece of software, it’s checked against this list, and if it’s not on the list, it doesn’t run.
They’re the only vendor that’s produced such a list, says Gartner analyst Peter Firstbrook. And it’s the perfect solution for desktops that are only supposed to run a limited set of software – such as point of sale terminals, he says.
From BTN’s Top 10 Companies to Watch in 2008 listing:
STATUS: Private FOUNDED: 2002 CEO: Patrick Morley
BECAUSE: Unauthorized software is wreaking havoc on organizations, so its enterprise whitelisting of millions of unique applications lets the good guys in, keeps the bad guys out.
PARTNERS: BigFix, McAfee, Kaspersky, Guidance Software
It’s no surprise that the use of unauthorized software has become the bane of CIOs’ existence. For the first time in history, more malware was created in 2007 than in all prior years combined. Whether criminal malware or peer-to-peer products innocently downloaded by employees, unauthorized software is wreaking havoc on organizations. Bit9’s endpoint security is working to change that through its enterprise application whitelisting, which determines what software and devices can operate on desktops and servers without relying on malware signatures or behavioral patterns.