FireEye, the Cybersecurity Giant, Alerts the Community by Sharing the Breach Data

Strongbox IT
Dec 10, 2020

FireEye, one of the cyber giants, was recently attacked by hackers with their own tools. The hackers attacked the security system and stole the “Red Team Tools”; no unauthorized access to the clients’ security systems has been reported since the incident. The ‘Cyber Giant’ reported that this attack is one of a kind among the 10,000 attacks it fixed throughout this year.

The hackers used a novel combination of techniques to steal the tools, and the report states that their primary aim was to hack into the “Red Team tools” and expose them publicly. However, the company has secured its customers’ data with countermeasures and is reporting the incident to inform and alert the wider community. The investigations have revealed that the attackers may be Russian-based, and the firm believes it was targeted for reporting different attacks on other governments.

FireEye has published the countermeasures on GitHub to secure its customers in case of any attacks through the stolen tools.

“This attack is different from the tens of thousands of incidents we have responded to throughout the years. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.” - Kevin Mandia

FireEye has also shared the actions it has taken in response to the attack, to warn the community and secure it from any such attack in the future:

We have prepared countermeasures that can detect or block the use of our stolen Red Team tools.

We have implemented countermeasures into our security products.

We are sharing these countermeasures with our colleagues in the security community so that they can update their security tools.

We are making the countermeasures publicly available in our blog post, “Unauthorized Access of Red Team Tools”.

We will continue to share and refine any additional mitigation for the Red Team tools as they become available, both publicly and directly with our security partners.

Though incidents such as attacks using proprietary red team tools are extremely rare, they do pose a serious risk of data theft and unauthorized access by adversaries. Being a pioneer in cybersecurity, FireEye managed to dodge the adverse effects with quick incident response. Though it’s difficult to secure your infrastructure from such attacks, you can greatly minimize the risk of compromise through regular Penetration Tests and Red Team engagements.

Regular PT (Penetration Testing) and a complete quarterly Red Team exercise can help identify such attacks and breaches.

We, at Strongbox IT, ensure that we run periodic PT and Red Team exercises to check for any vulnerability. Our dedicated Red Team performs regular exercises on our customers’ systems and infrastructure to identify and fix any critical vulnerability. FireEye’s story on the breach is an eye-opener for the entire IT community and emphasizes the importance of being ready for the future.

Reference:

https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html

https://news.yahoo.com/3-5-billion-cybersecurity-giant-215152482.html?guccounter=1
