Last week, a bombshell shook the information security community: FireEye, an American multinational with 16 years of experience in the cybersecurity market, revealed to have been the victim of a cyber incident. According to a note published by the company itself, it would have been attacked by a “sophisticated group of hackers”, possibly of state origin, who stole intrusion tools used by their red team services team.
The community, obviously, went on red alert – red team tools are nothing more than real weapons used by ethical professionals to test the degree of security of clients (with their due permission). In the wrong hands, they can become highly destructive. To give you an idea, in fact, several FireEye customers are government agencies and other large corporations.
“Recently, we were attacked by a highly sophisticated malicious actor whose discipline, operational security and techniques lead us to believe that this is a state-sponsored attack. This attack is different from the tens of thousands of incidents that we have responded to over the years, ”said Kevin Mandia, in another note released later.
“The attackers adapted their capabilities specifically to target and attack FireEye. They are highly trained in operational safety and perform with discipline and focus. They operated clandestinely, using methods that opposed security tools and forensic examinations. They used a new combination of techniques not witnessed by us or our partners in the past ”, explains the executive.
Okay, don’t panic …
It is difficult to remain calm with Kevin’s pronouncement, but it seems that there is no reason to panic. Although the attackers have, in fact, obtained such red team tools, everything indicates that they were really targeting information about FireEye government customers – something the company strongly denies that they have been successful.
Covering the incident, The Washington Post, citing “sources close to” the cybersecurity giant, said there were indications that the attackers were members of APT29 or Cozy Bear, Russia’s state hacker group. FireEye says there is no evidence, so far, that they intend to use the stolen tools – and if they do, the brand has already made available more than 300 “countermeasures” free of charge for companies to avoid such attacks. None of the tools use zero-day vulnerabilities.
These countermeasures include – but are not limited to – disclosure of signatures, scripts and codes of the compromised tools, so that security teams can quickly identify attacks carried out by themselves. Some endpoint protection solutions, such as those from Malwarebytes, have even incorporated this “DNA” information to protect their consumers.
It is interesting to note that, over the past few years, Information security companies are, ironically, becoming targets of cyber attacks. In 2019, another Russian group claimed to have invaded McAfee, Symantec and Trend Micro; this year, SANS was the victim of a data leak. That, of course, not to mention that in 2017, the United States’ National Security Agency (NSA) itself also had spy tools diverted by the Shadow Brokers team.
Everything indicates that digital miscreants have realized that it is much more profitable to infiltrate those who defend directly than to fight against them to attack their final victims. The Hack conducted a quick survey with 110 Brazilian information security executives and, for 73% of them, attacks directed at companies in the industry is indeed a natural trend, as cybercriminals realized the advantages of compromising this type of enterprise.
The Hack contacted FireEye’s board in Latin America for further clarification, but the company did not respond until the closing of this report.
Source: The Washington Post, CSO Online, Dark Reading, Malwarebytes
See the original post at: https://thehack.com.br/fireeye-invadida-afinal-devemos-nos-preocupar/?rand=48873