48 hours of hacking: attack on Dr.Web left users defenseless

Friend

2 days in the life of the company that shook the world of cybersecurity.

On Saturday, September 14, Doctor Web's specialists recorded a targeted attack on its infrastructure. Malicious actions were promptly suppressed, and the protection worked at the proper level: users of Dr.Web anti-virus products were not affected.

In accordance with current security protocols, all company resources were temporarily disconnected from the network for a thorough inspection. As a result, the release of updates to the Dr.Web virus databases was suspended for more than a day.

The company said that the specialized service Dr.Web FixIt! was used to diagnose and eliminate the possible consequences of the attack. To speed up the scan, a pre-release version of the utility for Linux was used, which significantly increased the speed of system analysis and recovery. The release of virus databases has now been fully resumed, and the company is taking prompt measures to restore the operation of all systems.

The company's statement and the current situation raised questions among cybersecurity specialists, as such a delay could indicate the seriousness of the incident. Experts point out that two news items were published on the company's official website [1 and 2], but they do not contain a detailed description of what happened.

According to industry experts, Dr.Web said that it had kept the situation under control from the very beginning, but at the same time reported that the company's servers were shut down for comprehensive diagnostics only 2 days after the attack. The attack began on September 14, but the first signs of external interference in the infrastructure were detected only on September 16, after which the servers were shut down.

Dr.Web also stated that it closely monitored the threat and then successfully localized it. However, details regarding the nature of the threat and its possible consequences remain undisclosed. This has given rise to various theories and speculation, but the company has made no official comment on the matter.

The current situation raises questions about whether the company's internal systems were penetrated and how serious the incident was. At the same time, experts are waiting for a more detailed report from Dr.Web on the causes and consequences of the attack, as well as on the results of the investigation.
