First Fortinet, Now Dr.Web; When Cybersecurity Companies Get Cyber Attacked

After Fortinet’s breach last week, Dr.Web now joins the list of cybersecurity firms targeted by hackers.

By Marco Rizal - Editor, Journalist 2 Min Read
Share this post?
Share this post?

After Fortinet’s breach last week, Dr.Web now joins the list of cybersecurity firms targeted by hackers.

  • Dr.Web detected a cyberattack and disconnected servers to protect its network.
  • Virus database updates were suspended while the breach was investigated.
  • The company claims no users were affected, and updates have resumed.

Just a week after the high-profile Fortinet breach, another cybersecurity company was the target of a cyberattack.

This time, it’s Dr.Web, a Russian anti-malware firm. The irony of cybersecurity firms becoming prime targets for cybercriminals is almost absurd.

On September 14, Dr.Web detected “unauthorized interference” in its systems and immediately disconnected all servers from the internal network.

Not exactly the news you’d expect from an anti-malware vendor.

Dr.Web announced on Tuesday that it was suspending virus database updates for its customers while it investigated the breach.

Their official statement claims that “the attempt to harm our infrastructure was stopped in time,” and they assure customers that no one who uses Dr.Web products has been affected.

Perhaps a sigh of relief, but this incident adds to the growing list of cybersecurity firms that have been hacked.

Dr.Web diagnosed the attack using its own in-house tool, Dr.Web FixIt! for Linux.

According to the company, this tool helped them scan and neutralize the threat more effectively.

image 73
Dr.Web update after the cyber attack

On September 17, after the scans and analyses were completed, Dr.Web resumed virus database updates.

They claim to have “localized the threat” and ensured that it did not affect any clients. In other words, they avoided a bullet.

The big question, however, remains unanswered: Who carried out this attack? Dr.Web has not revealed any information about the attackers, leaving room for speculation.

State-sponsored organizations, hacktivists, or even rival cybercriminals may be to blame.

Cybersecurity firms have become more appealing targets. Kaspersky, another Russian cybersecurity giant, has been targeted several times by suspected state-sponsored actors.

Avanpost was also recently targeted by pro-Ukraine hackers. So this is not exactly uncharted territory.

When companies tasked with protecting us from cyber threats are hacked, you have to wonder if anyone is truly safe.

Dr.Web and Fortinet are just the latest examples of what appears to be a trend of cyberattacks against the very entities that are supposed to protect them.

Leave a comment