This article is a contribution from our technical team that discusses the FireEye hack incident.


Introduction

FireEye, the cybersecurity company businesses run to in times of IT security crises, was at the receiving end of a cyberattack. FireEye CEO Kevin Mandia revealed in a blog post that the company had fallen prey to a “sophisticated threat actor” that was most likely “state-sponsored”.

Founded in 2004, California-based FireEye specializes in detecting and preventing cyberspace attacks against companies and governments throughout the world. It is being hailed as one of the fastest-growing cybersecurity firms in the industry.

Details of the hack

Confirming the data breach, Mr Mandia said that the attack was perpetrated “by a nation with top-tier offensive capabilities”. Although Mr Mandia refrained from naming the nation-state, evidence pointed to intelligence agencies backed by Russia. The company stated that the hackers employed a “novel combination of techniques not witnessed by us or our partners in the past”. The attackers made off with the hacking tools typically used by the “Red Team”, FireEye’s offensive division that carries out mock cyberattacks to find potential vulnerabilities and weaknesses of a client.

FireEye reported the incident to the FBI and informed industry partners, including Microsoft, about the breach. Microsoft was assisting FireEye with the investigation.

According to FireEye, the most worrying part is the plundering of its hacking arsenal as it provides a potent selection of new techniques in the hands of malicious actors. However, the company refused to share when the breach took place or how it was alerted.

The evolving threats of cybersecurity

The pandemic and ensuing attacks on IT systems across the world also bring forth a moment of reckoning. The primary concerns shed light on three important areas.

The first is the growing sophistication of state-sponsored cyberattacks, as seen in the most recent attacks on the US Treasury and Government organizations, the SolarWinds security firm, and of course, FireEye. On a national level, governments must be prepared to defend their networks from covert and ill-intentioned operators. Even more worrying is that one data breach at the level of a Government agency or security firm can leave even more customers under threat.

The second is that the dimensions of cyberattacks are steadily developing owing to the rising privatization of such attacks through new-generation private entities, much like 21st-century mercenaries. This development has reached the point where it has its own acronym: PSOAs, or ‘Private Sector Offensive Actors’. It represents another alternative for nation-states to hire or even build the tools necessary for launching a refined cyberattack. And history stands testament to the fact that money can easily buy services of any sort. This second concern adds a new threat to the evolving threat landscape of cybersecurity.

The third aspect underlines the rising attack on healthcare service providers worldwide, from the World Health Organization (WHO) to local governments. Also, companies developing vaccines were targeted repeatedly. Three nation-state threat actors have been identified to be targeting seven prominent players involved in vaccine research and COVID-19 treatment.

Put together, these three agonizing trends bring into focus a cybersecurity landscape that gets even more intimidating in 2021. Determined attackers are honing their tools to come up with even more complex attacks on vulnerable networks. The risks are building up as new private sector entities are aiding and abetting attackers.

What does the FireEye attack mean for you? Should you be worried?

The theft of critical “Red Team” tools, allegedly by the Cozy Bear group from Russia, poses a comparatively lesser threat to most organizations. The real lesson is that anyone, individuals and enterprises, can be hacked.

Cybersecurity experts don’t think that most of us should be worried about any type of cyber-apocalypse from this attack, even if these tools get released publicly. In layman’s terms, it means IT security divisions and IT security organizations must keep up the good work they are doing. Managing patch rollouts within a reasonable period, having plausible alerting infrastructure for firewalls/IPS/IDS, and sensibly managing IT assets to reduce risks to enterprises: all this and more must be achieved and implemented by IT security service providers.

Advice from Condition Zebra

At Condition Zebra, we focus on providing end-to-end threat detection and prevention solutions for businesses, with a categorical focus on Network Security and Penetration Testing for IoT, VPN, Web, Network, and general PenTesting.



Finally, during these times of COVID-19, we have adapted to Online Training to provide a safe alternative to our usual customized, in-depth IT security training for IT professionals, our clients and business partners. This training includes additional mentoring sessions crafted to help IT professionals hone their skills.
