Suspected state-sponsored attackers hack FireEye and steal security testing tools
Cybersecurity firm FireEye Inc. has been hacked, and security testing tools were stolen by what the company believes were state-sponsored attackers.
Those behind the attack, who are also described as “a nation with top-tier offensive capabilities,” are said to be “highly trained in operational security and executed with discipline and focus” and “operated clandestinely, using methods that counter security tools and forensic examination.”
The attackers specifically targeted and accessed FireEye Red Team tools used to test customer security. A red team in cybersecurity is a team of security researchers, usually within a company, who act as adversaries trying to overcome cybersecurity defenses, testing different systems to find weaknesses.
The tools accessed by the hackers mimic the behavior of threat actors and are used by FireEye to provide diagnostic security services to their customers. None of the tools stolen, however, included zero-day exploits, those that haven’t been encountered before.
“We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them,” FireEye Chief Executive Officer Kevin Mandia said in a blog post today. “Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers and the community at large, to use in order to minimize the potential impact of the theft of these tools.”
The countermeasures for the stolen Red Team tools are being made available on FireEye’s GitHub page. The company added that it’s actively investigating the hack in coordination with the U.S. Federal Bureau of Investigation and partners, including Microsoft Corp.
Investors were not pleased with the news. Shares in FireEye dropped more than 7% in after-hours trading.
“If a nation-state with all of its resources targets an organization, the chances are very high that the adversary will be successful,” Rick Holland, chief information security officer and vice president strategy at digital risk protection solutions company Digital Shadows Ltd., told SiliconANGLE. “Intelligence agencies can accomplish their missions, so defenders ultimately have to fall back to detection and response. Any organization can be compromised; it is how you respond to an intrusion that determines its severity.”
Holland said that if the tools make their way into the public’s hands, the impact could be a big problem. “We have seen the damaging impact of Hacking Team and the NSA’s EternalBlue tool leaks and disclosures,” he said. “If these tools become widely available, this will be another example of the attackers’ barrier to entry getting lower and lower. The bottom line here: These tools making it into the wrong hands will make defenders’ lives more challenging.”