Bitdefender

Bitdefender
Company type Private
Industry Computer software
Founded November 6, 2001
Founder Florin Talpeș
Headquarters Bucharest, Romania
Area served Worldwide
Key people Florin Talpeș (CEO)
Products Cybersecurity software
Services Computer security
Number of employees 1,800+ (2023)
Website www.bitdefender.com

Bitdefender is a Romanian cybersecurity technology company headquartered in Bucharest, Romania, with offices in the United States, Europe, Australia and the Middle East. [1] [2]

The company was founded in 2001 by the current CEO and main shareholder, Florin Talpeș. Bitdefender develops and delivers cybersecurity products and services, including endpoint protection, cloud and managed security, antivirus software and IoT security. Bitdefender products are distributed through partners in over 150 countries [2] and the US market is estimated to generate more than 40% of its revenues. As of 2023, the company employed more than 1,800 people worldwide. [2]

History

Bitdefender software was originally developed by SOFTWIN, a company founded in 1990 in post-communist Romania. It was originally sold as AVX (Antivirus Expert) from 1996 until 2001, when the Bitdefender subsidiary was created, and AVX was rebranded under the Bitdefender name. [3]

Since 2011, Bitdefender has expanded to include consumer and enterprise security products, and in 2021, an extended detection and response (XDR) platform. [4] Like most security suites, Bitdefender’s consumer services are managed through an online portal, called Bitdefender Central. [5]

In 2007, Bitdefender became a separate business entity with external capital entry, with Axxess Capital Investment Fund as a key shareholder.

From 2004 to 2015, the company expanded with offices in the United States, Germany, United Kingdom, Denmark, and the Middle East. [6]

The company joined the No More Ransom initiative in 2016, releasing free decryption tools for victims of ransom attacks to decrypt their devices without having to pay to do so. [7] [8]

In 2018, Bitdefender opened a new subsidiary in Australia, through acquisition of assets from SMS eTech. [9] That year, the company also acquired behavioral and network security analysis company RedSocks, [10] and joined the Cybersecurity Tech Accord. [11] [12]

Bitdefender opened its own Security Operations Center in San Antonio, Texas in 2019. Bitdefender signed a multi-year partnership deal with Scuderia Ferrari on September 28, 2022. [13] [14]

Bitdefender’s 2020 research into the Interplanetary Storm botnet proxy network was provided to law enforcement ahead of the FBI dismantling the network in November 2023. [15]

In December 2023, Bitdefender launched Scamio, a free AI-powered scam detector. [16] [17]

In April 2024, Bitdefender announced the launch of Bitdefender Voyager Ventures, a corporate venture capital unit. [18]

Company milestones

2015: Bitdefender creates a new consumer product category with Bitdefender BOX and IoT security services. [19]

2017: Bitdefender makes its first major acquisition by acquiring French partner Profil Technology Source. [20]

British fund Vitruvian buys a 30% stake in Bitdefender, valuing the company at more than $600 million. [21]

Controversies and incidents

Trojan.FakeAlert.5

On March 20, 2010, computers running Bitdefender under 64-bit versions of Windows were affected by a malfunctioning update that classified every executable program, as well as DLL files, as infected. These files were all marked as 'Trojan.FakeAlert.5' and were moved into quarantine. This action led to software and system malfunctions that affected users around the world. [22] Bitdefender representatives announced the removal of the faulty update and a workaround for the users affected, [23] except for those using the 2008 version. [24]

DarkSide ransomware

In 2021, Bitdefender was accused of self-promotion when releasing and publicly announcing a decryptor to the detriment of victims of DarkSide, a hacking group. In 2020, DarkSide switched their main encryption ransomware product over to an "affiliate" model wherein other attackers could download and use their software in exchange for a portion of the profits. However, they introduced a bug in the process where affiliate hackers would all use the same private RSA key, meaning that a decryption package for a single target who paid the ransom would work on any target that had the ransomware installed. Security researchers noticed and were already quietly helping victims of the software, but with no public notice, so that the attackers would only see an inexplicable decrease in ransom payments that could be written off as chance.

Months later, Bitdefender publicly released a decryptor of their own development and issued a blog post describing the flaw. This was criticized in an article in the MIT Technology Review. First, the article stated that Bitdefender's program was not even safe: it was flawed and would "damage" files decrypted with it due to bugs within it, unlike the earlier decryptors that had been quietly used. Second, the blog post tipped off DarkSide as to the nature of the flaw; DarkSide promptly patched the bug and sarcastically thanked Bitdefender for pointing it out, then went on with their campaign of extortion. A notable incident that took place after Bitdefender's public disclosure was the Colonial Pipeline cyberattack in May 2021. While the security researchers who had been using the flaw before acknowledge that it is probable DarkSide would eventually have noticed and fixed the issue, they still criticized Bitdefender for using the bug merely for a brief burst of publicity, rather than in the way that would most help victims of the scheme. [25]

Bitdefender has defended their actions on their blog, saying that they only wished to make as many organizations as possible aware of the existence of the bug in DarkSide's ransom attacks. [26] The article and blog post triggered a discussion among cybersecurity professionals about the pros and cons of publicly disclosing such vulnerabilities in malware. [27]

Awards

Bitdefender has won a number of awards from AV-Comparatives, an anti-virus assessment firm. [28] [29]

References

  1. "Interview with Florin Talpes, CEO at Bitdefender". Archived from the original on 2 November 2013. Retrieved 20 July 2015.
  2. "Bitdefender Long Description". Bitdefender. Archived from the original on 5 February 2011. Retrieved 31 July 2017.
  3. "Definition of: Bitdefender". PC Magazine Encyclopedia. Retrieved 17 May 2019.
  4. "Bitdefender GravityZone Business Security Enterprise Review". PCMAG. Retrieved 21 August 2024.
  5. "Bitdefender Ultimate Security Review". PCMAG. Retrieved 21 August 2024.
  6. "M&A alert. Vitruvian Partners buys stake in Bitdefender from Axxess Capital". Business Review (in Romanian). 1 December 2017. Retrieved 15 January 2021.
  7. Lakshmanan, Ravie (19 September 2022). "Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware". The Hacker News. Retrieved 8 August 2024.
  8. "What is a ransomware decryptor?". 10 January 2024. Retrieved 8 August 2024.
  9. "Romania's Bitdefender buys Australian partner SMS eTech". seenews.com. Retrieved 15 January 2021.
  10. Kass, D. Howard (23 October 2018). "Bitdefender Acquires Network Security Analytics Startup RedSocks in Expansion Push". MSSP Alert. Retrieved 26 July 2024.
  11. "Signatories". Cybersecurity Tech Accord. Retrieved 26 July 2024.
  12. "Tech companies sign cyber accord". Information Age. Retrieved 26 July 2024.
  13. "Bitdefender Team Partner - Ferrari.com". www.ferrari.com. Retrieved 10 October 2022.
  14. "Bitdefender's Partnership with Scuderia Ferrari". Bitdefender. Retrieved 10 October 2022.
  15. "District of Puerto Rico | Russian and Moldovan National Pleads Guilty to Operating Illegal Botnet Proxy Service that Infected Tens of Thousands of Internet-Connected Devices Around the World | United States Department of Justice". www.justice.gov. 14 November 2023. Retrieved 19 July 2024.
  16. Rees, Ali (13 December 2023). "Meet Scamio, Bitdefender's new free AI scam detector". ReadWrite. Retrieved 21 August 2024.
  17. "Bitdefender's Scamio Integrates With WhatsApp In Australia". 27 May 2024. Retrieved 21 August 2024.
  18. Bains, Roshini (24 April 2024). "Cybersecurity firm Bitdefender launches CVC". globalventuring.com. Retrieved 5 August 2024.
  19. "IoT News - Bitdefender BOX : the ultimate security solution for smart home environments?". IoT Business News. 6 December 2017. Retrieved 15 January 2021.
  20. "Romania's Bitdefender buys France's Profil Technology". seenews.com. Retrieved 15 January 2021.
  21. Ilie, Luiza (1 December 2017). "Vitruvian buys 30 pct stake in Romanian cyber security firm Bitdefender". Reuters. Retrieved 19 January 2023.
  22. McMillan, Robert. "Bad Bitdefender Update Clobbers Windows PCs". PC World. Archived from the original on 27 October 2010. Retrieved 17 September 2017.
  23. "Trojan.FakeAlert.5 Update issue". Archived from the original on 24 March 2010.
  24. Peter Bright (22 March 2010). "Bitdefender update breaks 64-bit Windows PCs".
  25. Dudley, Renee; Golden, Daniel (24 May 2021). "The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms". MIT Technology Review. Retrieved 25 May 2021.
  26. Bitdefender's Position on Ransomware Attacks and Decryptors
  27. Schwartz, Samantha (21 September 2021). "Is there too much transparency in cybersecurity?". Retrieved 25 August 2023.
  28. "Awards". AV-Comparatives. Retrieved 15 January 2021.
  29. "Test antivirus software Bitdefender". www.av-test.org (in German). Retrieved 15 January 2021.