It’s Not Me, Anti-Virus, It’s you:

Why an imminent break-up with anti-virus as a security solution is a good idea.

Small and medium business owners may want to re-think their belief that anti-virus gives them the protection they need after three major AV companies were breached by a high profile Russian hacking group. 30 terabytes of stolen internal corporate documents and anti-virus source code are for sale in criminal marketplaces, and this isn’t the first time reputed security companies have failed to keep criminal hackers out of their networks. Consider this the bold exclamation point to a long-overdue conclusion that traditional AV security is far from the protection small and medium business owners need.

This all played out in March 2019 when a Russian hacking group, Fxmsp stated they “could provide exclusive information stolen from three top antivirus companies located in the United States.” This group of cyber-criminals has a long-standing reputation for selling sensitive information stolen from high profile government and corporate entities. Over the last two years they have sold verifiable corporate breaches for a profit of nearly $1 million. A threat research firm, AdvIntel, verified that the group had source code related to the companies anti-virus software development and notified “the potential victim entities” which were Symantec, Trend Micro, and McAfee.

What happens next is something anti-virus consumers should pay close attention to. Symantec performed a self-assessment and downplayed any potential damage. Similarly Trend Micro also claimed this was a low risk breach. McAfee neither confirmed nor denied the breach and only commented they are aware of the threat claim and are taking steps to monitor and investigate. So the three major AV vendors that were breached all promised transparency during a self assessment of impact and downplayed the damage. This type of response is straight out of the Breach 101 playbook, so as the truth comes out overtime it will be “old news” that doesn’t need to be covered and everyone will return to business as usual. Except these are the guys selling cyber-crime consumer protection.

So what does that protection look like in the future? It’s hard to say how these three vendors will prevent the stolen source code from being exploited. Third party endpoint security is a sizable attack surface because systems have to trust and empower it to keep them safe. Maybe it’s time for small and medium business consumers to re-evaluate that trust and their relationship with anti-virus, and move on to enterprise-grade solutions like Ostra.