The US cybersecurity giant FireEye announced yesterday that it has been the victim of a large cyber attack. A couple of weeks ago, we discussed cybersecurity threats and showed that while AI and other developing technologies present large opportunities for managing risk, as the technology gets smarter, so do the hackers and their methods.
That is unfortunately what FireEye has fallen victim to. On Tuesday, the company said that “foreign government hackers with world-class capabilities broke into its network and stole tools it uses to test the defenses of its thousands of customers, who include federal, state and local governments and major global corporations”, as reported by The Guardian.
Hackers After Specific Information About Government Customers
It appears that the hackers were mostly interested in specific information regarding certain government customers. Kevin Mandia, the CEO of FireEye, confirmed this but did not provide any information on who those customers are. He did say that, based on preliminary findings, it does not look like the hackers managed to get customer information from the consulting or incident-response branches of the company. The threat intelligence data FireEye collects also appears to be safe.
Thousands Of Attempted Cyber Attacks Each Year
Companies on the scale of FireEye experience thousands of attempted attacks each year. Thus, it is not the attack itself that causes upheaval but the fact that it was allegedly conducted by a “nation with top-tier offensive capabilities”, as we can read in Mandia’s statement. He added that sharing the details will hopefully help the overall industry prepare for cyber-attacks and defeat them.
The investigation, assisted by the FBI and Microsoft, is still in its very early stages. Thus, we can expect to get more information in the following weeks.
A Microsoft spokesperson commented on the attack, saying, “This incident demonstrates why the security industry must work together to defend against and respond to threats posed by well-funded adversaries using novel and sophisticated attack techniques.”
Russian Responsibility Assumed?
The president of Rendition Infosec and former NSA hacker, Jake Williams, said, “I do think what we know of the operation is consistent with a Russian state actor. Whether or not customer data was accessed, it’s still a big win for Russia.”
The attack shows that even giant, sophisticated firms with the highest-quality cybersecurity staff and tools are still vulnerable to cyber-attacks. FireEye was founded in 2004 in California. It has become widely recognized for its investigations into state-backed hacking groups, including the infamous Russian groups attempting to break into the US state and local governments that administer elections.
The Best In Protecting From Cyberattacks Become Victims Of A Cyberattack
FireEye is known for defending the most important players against cyber-attacks. Hence, we can see the seriousness of the situation when FireEye itself becomes the victim of a breach.
FireEye was the first company to link Sandworm, a hacker group, to the blackouts in Ukraine back in 2015 and 2016. It also presented the first public evidence that a unit of Russia’s GRU military intelligence agency was responsible for the attempted sabotage of the Winter Olympics in 2018.
Richard Bejtlich, the former CSO of Mandiant, has spoken out about the attack, saying, “The most important data that a company like FireEye has is data about its customers. The second most important data they have are the sources and methods they use to protect their customers, like threat intelligence data. Further down the line are the red team tools, where they’re emulating adversaries.”
The New York Times reports that the hack is the biggest known “theft of cybersecurity tools since those of the National Security Agency were purloined in 2016 by a still-unidentified group that calls itself the ShadowBrokers.”