Anti-virus firm Avast was also in the firing line of the “KDMS Team”, who successfully changed the DNS records of Avast’s rivals AVG and Avira as well as those of popular smartphone app WhatsApp.
The KDMS Team’s successful unauthorised access to the Network Solutions accounts of AVG, Avira and WhatsApp appears to have been the reason that websurfers found themselves visiting a page playing the Palestinian national anthem and displaying a political message under the title “You’ve been pwned”.
There was no such embarrassment for Avast, however, as a blog post from the Czech security firm reveals.
Yesterday, several companies had their websites hijacked by pro-Palestinian hackers. We can confirm that there was also a hacker attempt against the AVAST site – we assume from the same group – but we took immediate steps and therefore were able to contain it.
According to published reports, the hacked companies’ accounts, used to manage their DNS records at their vendor, Network Solutions, have been reset. This allowed the hackers to take control of the websites in question. It’s unlikely that any of the sites that were attacked lost control of any of their own servers, so customer data most likely was not compromised.
“We ourselves received a notification from Network Solutions saying our email had been changed. We knew we had not requested that so we immediately took action and changed our passwords, which protected us,” said Vincent Steckler, AVAST CEO
Whoever the employee was at Avast who spotted the suspicious email change notification from Network Solutions, they should be commended for his or her prompt action, as it certainly helped avoid what could have been an embarrassing incident for the security company.
It’s a timely reminder for all companies about the part that people can play in securing your business. You can have all the technology in the world, but sometimes old-fashioned human vigilance can be the difference between a serious security incident and an attempted attack being foiled.
Maybe Avast CEO Vincent Steckler will thank the person who realised the account change was suspicious by buying them a beer – if Avast has any left, of course. :)
Meanwhile, no details have emerged of just how the hackers managed to convince Network Solutions into change the email addresses associated with accounts.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.