From the Depths of the Internet: Hackers Attack Large Cyber Security Company!

FireEye, a major U.S. cyber security company that makes its money protecting high-profile customers, has announced that its systems have been breached by “a nation with world-class attack capabilities”. The hackers succeeded in stealing digital attack testing tools that will be useful to them in attacks around the world.

  #Firewall   #Incident and Problem Management   #Security Awareness   #Security Emergency Concept   #Security Risk Assessment   #Security Strategy Architecture   #Cyber Defense Center  
Markus Kaegi
+41 58 510 16 98
markus.kaegi@umb.ch

FireEye is a publicly traded cyber security company in California, dedicated to the detection and prevention of cyberattacks. It employs 3,200 people, has major global clients such as the financial company JP Morgan Chase and the entertainment company Sony Film, and is known to track down high-profile hacker groups. One such group has now succeeded in turning the tables, at least for the short term. Like many other cyber security companies, FireEye uses digital tools to emulate the tools of hackers. In order to improve the security of customers' IT infrastructures, FireEye uses such tools - just like genuine attackers - to look for weaknesses in their systems. In doing so, the company uses the know-how it has gained from analyzing real hacking tools that have been used in attacks on customers. These so-called “Red Team Tools” are the ones that were stolen.


Who is behind the attack?

The hacker attack on FireEye was so sophisticated and successful that the company has sought help from the FBI as well as from sector-related companies such as Microsoft. The Washington Post claims to have found out who is behind the attack: hackers from a group called APT 29 or "Cozy Bear", which is attributed to the Russian foreign intelligence agency SVR. However, this is only an assumption, albeit a widespread one. FireEye emphasizes that none of the stolen tools use so-called zero-day exploits, which target secret, unpatched software vulnerabilities and would therefore be extremely dangerous. A zero-day vulnerability is a software vulnerability that is not yet known to those with an interest in fixing it. As long as the vulnerability is not fixed, it can be used as a gateway in an attack.[ii]


300 countermeasures to counteract their own tools

FireEye apparently assumes that the hackers will use their loot themselves, share it with others or make it public. CEO Kevin Mandia announced that FireEye offers more than 300 countermeasures to make it difficult to effectively use the stolen hacking tools. The company has integrated these digital countermeasures, mainly detection and blocking tools, into its own security products, shared them with other companies and made them publicly available.[iii]

The attack has also brought rumors of CIA involvement in FireEye back to the surface. However, the company has always stressed that this is not true. The company is solely concerned with protecting its customers, regardless of any governmental agencies, FireEye says.


Hackers know no national borders

Because cyber criminals operate without regard for borders, the FireEye hack could also have an impact in Switzerland. According to Maik Paprot, the UMB Security Intelligence Team Leader, there has not yet been a related incident. However, he is of the opinion that cyberattacks are likely to increase in severity and that only clean vulnerability management offers protection against them.


Cyber Defense Center: Where Attackers Hit the Wall

If desired, the UMB Cyber Defense Center can take over full responsibility for your IT security. We will secure your IT environment within a short period of time. Our Security Intelligence Team has already taken the necessary steps to safeguard the IT infrastructures of our customers against the new threats that have become known. Please contact us.


[ii] https://en.wikipedia.org/wiki/Zero-day_(computing)

[iii] https://github.com/fireeye/red_team_tool_countermeasures