Bit9, the market leader in adaptive application whitelisting, has announced their integration with Symantec Protection Center, Symantec’s centralized security management console. "To effectively mitigate security risks in their environment, our customers need visibility into proven third-party solutions like Bit9 Parity Suite. By providing single sign-on and data integration between our technologies, we are able to expand our customers' view into local security events and enable them to more quickly mitigate endpoint security risks," said Matthew Steele, Senior Director of Product Management at Symantec.
About Bit9 Parity Suite
Bit9's Parity Suite's adaptive application whitelisting solution protects organizations from modern cyber security threats
Interestingly, a Trojan.Naid sample was also signed by the compromised Bit9 certificate discussed in the Bit9 security incident update and used in an attack on another party
Notably, a Trojan.Naid sample was also signed with the compromised Bit9 certificate. As reported in the Bit9 security incident update, this certificate was also used in attacks against other targets.
What was particularly interesting about this attack was the use of the watering hole technique and the compromise of Bit9’s trusted file signing infrastructure. The VOHO campaign was ultimately targeting US defense contractors whose systems were protected by Bit9’s trust-based protection software. When the Hidden Lynx attackers’ progress was blocked by this obstacle, they reconsidered their options and found that the best way around the protection was to compromise the heart of the protection system itself and subvert it for their own purposes. This is exactly what they did when they turned their attention to Bit9 and breached its systems. Once inside, the attackers quickly found their way into the file signing infrastructure that was the foundation of the Bit9 protection model. They used this system to sign a number of malware files, which were then used to compromise the true intended targets
What was especially interesting about this attack was the use of the “watering hole” technique and the compromise of Bit9’s trusted file-signing infrastructure. The ultimate goal of the VOHO campaign was to attack US defense contractors whose systems were protected by Bit9’s trusted-file-based security software
The group used Hikit during the compromise of Bit9’s trusted file-signing infrastructure in 2012. That attack was then leveraged to mount the VOHO campaign in July 2012, using Bit9-signed malware. The ultimate target of the campaign was US companies whose systems were protected by Bit9. And Hikit once again played a key role in this attack campaign
Hidden Lynx used Hikit during its compromise of Bit9’s trusted file-signing infrastructure in 2012. This attack was then leveraged to mount the VOHO campaign in July 2012 using Bit9-signed malware. The ultimate target of this campaign was US companies whose computers were protected by Bit9
Hidden Lynx used Hikit when it attacked Bit9’s trusted file-signing infrastructure in 2012. Using this as a foothold, it launched the VOHO attack in July 2012 using Bit9-signed malware
Hidden Lynx used Hikit when it compromised Bit9’s trusted signing infrastructure during 2012. This attack was subsequently used as the basis for mounting the VOHO campaign in July 2012, using Bit9-signed malware. The ultimate target of this campaign was US companies whose systems were protected by Bit9. Hikit also played a key role in that attack campaign