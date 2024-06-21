"But deliberate seeding of such capabilities via a commercially available product is only the tip of the iceberg. In their report on zero-days exploited in the wild in 2023, Surveillance Giant Google noticed a marked increase in attacks against enterprise security software, including detection and response, VPN, and firewall operating systems.

"Left unchecked, this rise in exploits could provide attackers the same privileged access they would have had if administrators installed compromised software.

"As threat actors become more sophisticated and look to privileged services such as security software to gain and maintain persistent access, the cyber security community needs to rethink the way we consider security solutions. The cyber security community, particularly in the high-threat sectors of government and critical infrastructure, must consider innovative solutions like using fixed-function, deterministic components such as FPGAs rather than malleable software solutions to enforce critical security functions.

"If we don’t fundamentally rethink the way we approach and enforce security, our most sophisticated adversaries will continue to subvert the software meant to keep us safe – whether it’s by shipping compromised software or attacking and compromising legitimately-developed solutions.”

Kaspersky has made no public comment on the development. iTWire has contacted the company for comment.