None of us is safe: Major cybersecurity company hacked

Kaspersky Lab detected a sophisticated and expensive hack it says was carried out by a country.

Laura Hautala
Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials 2022 Eddie Award for a single article in consumer technology
2 min read

Kaspersky Lab detected a sophisticated and expensive hack on its systems.
Kaspersky Lab announced Wednesday it had detected a sophisticated and expensive hack on its systems. Benjamin Howell/Getty Images

Guess what: Even the best security companies can be hacked.

That's what Moscow-based Kaspersky Lab said Wednesday when it announced its systems had been attacked, most likely by hackers working on behalf of a country.

Kaspersky customer's data is safe, the company said. The sophisticated attack stayed away from user information and focused instead on Kapersky's own systems and intellectual property, the company said. The company has since fixed the hole that allowed for the attack.

The attack isn't the first that's targeted Kaspersky, but it highlights how prolific hacking has become, and how vulnerable even the most knowledgeable and prepared companies are. Of course, everyone else is in an even bigger pickle. Attacks are happening to companies small and large every day, and they've even been able to break into US government computers.

Verizon Enterprise Solutions estimated that 700 million compromised records from companies around the world led to losses of $400 million in 2014. The information was based only on the 70 organizations that contributed information to their annual study, so the total figure is likely much higher.

The hackers were "a generation ahead of anything seen," Kaspersky said in a lengthy explanation of the hack on its website. The attackers used a method that preys on "zero-day" vulnerabilities, or holes in software that developers don't know exist. They left few traces too.

Kaspersky won't name which country it thinks attacked them, but it has pointed fingers at Israel, the United Kingdom and the United States in past reports on cyber espionage.

The company said venues that hosted talks about Iran's nuclear program were also targeted by the attack. Additional targets were identified throughout the world in Kapersky's investigation, and the sheer cost of the infrastructure required to carry out the attack led the company to believe a government was responsible.