Kaspersky Lab Confirms Website Attack; Verifies No Data Was Compromised

February 1, 2009

Kaspersky Lab Confirms Website Attack; Verifies No Data Was Compromised

The usa.kaspersky.com domain was attacked on Friday, February 6, 2009. The attack occurred when a SQL injection attack was launched on a subsection of the site, the support site. A vulnerability was in the code of the support site when a new version of the site was rolled out at the end of January. The attack was successful in penetrating the support site, but it was unable to take data from the site and as a result no data was compromised.

Upon notification of the vulnerability, company personnel took immediate action to address the issue, and the vulnerability was remediated within 30 minutes of notification. The attack was not able to access to any other portions of any other Kaspersky Lab sites – including ecommerce sites.

The company’s experts are currently investigating the incident and to go a step further have hired Next Generation Security Software’s David Litchfield to further investigate. Upon completion, the results of Litchfield’s report will be made public.

Kaspersky Lab recognizes the fact that this attack could have had much more serious ramifications and is doing an extra-thorough security audit of all official Kaspersky Lab sites and developing additional internal review processes to ensure the company’s corporate resources are protected from similar attacks in the future.

It should also be noted that Kaspersky Lab’s core competency as a company is developing anti-malware solutions and our research and development is a different group from our web developers, therefore the quality of the solutions we deliver has not been compromised in any way.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Kaspersky Lab Confirms Website Attack; Verifies No Data Was Compromised

Kaspersky Lab Confirms Website Attack; Verifies No Data Was Compromised

About Kaspersky

Related Articles Press Releases

Kaspersky statement on compliance in the U.S. following ICTS Final Determination

Quadrant Knowledge Solutions grants Leader status to Kaspersky Threat Intelligence

SMB malware infections rising amid resurgence of attacks leveraging Microsoft Excel, Kaspersky reports

Kaspersky introduces new Windows digital forensics online cybersecurity training

Kaspersky statement on the company leadership inclusion on the sanctions list by the Department of the Treasury’s Office of Foreign Assets Control (OFAC)

Kaspersky Statement on the U.S. Commerce Department Determination

Kaspersky introduces Kaspersky Cloud Workload Security ecosystem

Kaspersky studies 193 million passwords, finds 45% could be cracked in less than a minute

Kaspersky opens CFP for 2024 Security Analyst Summit

Kaspersky releases enhanced apps for iOS and Android