Silicon Valley security company FireEye, which is often on the front lines of defending companies and critical infrastructure from cyberattacks, has itself been breached.
Kevin Mandia, CEO of FireEye, confirmed the news, describing the intruder as a highly sophisticated attacker, "one whose discipline, operational security, and techniques" led the company to believe it was a state-sponsored attack with "top-tier offensive capabilities."
According to Mandia, the attackers operated clandestinely, with methods designed to counter security tools and forensic examination, and a novel combination of techniques FireEye had not witnessed before. FireEye is coordinating with the Federal Bureau of Investigation (FBI) and other key partners, including Microsoft, whose initial analysis supports the conclusion that the hack was the work of a state-sponsored attacker.
The hackers targeted and accessed "Red Team" assessment tools that the company uses to test their customers' security, and mimic the behavior of cybercriminals. None of the tools contain zero-day exploits, Mandia said.
Although there is no evidence to date that the attackers have publicly disclosed or used these tools, FireEye has developed countermeasures for its customers to minimize the potential impact of the theft. Mandia also noted that the attacker primarily sought information related to certain government customers, which is consistent with a nation-state cyberespionage operation.
Rick Holland, Chief Information Security Officer and Vice President of Strategy at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, explains, "If a nation-state with all of its resources targets an organization, the chances are very high that the adversary will be successful. Intelligence agencies can accomplish their missions, so defenders ultimately have to fall back to detection and response. The adage 'those who live in glass houses should not throw stones' applies here. Any organization can be compromised; it is how you respond to an intrusion that determines its severity."
Holland adds, "Hopefully, these tools don't make their way into the public's hands. We have seen the damaging impact of the Hacking Team and NSA EternalBlue tool leaks/disclosures. If these tools become widely available, this will be another example of the attackers' barrier to entry getting lower and lower. The bottom line here: these tools making it into the wrong hands will make defenders' lives more challenging."
Brandon Hoffman, Chief Information Security Officer at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, says it is very interesting that the hackers stole the red team toolkit from FireEye. "Most likely they plan to use this commodity-type tooling to cover up their tracks, so as to not expose their own custom tools and save those for special attacks or second-stage attacks," he says.
Eric Noonan, CEO of CyberSheath, notes, "It's a bit early to say how this breach will impact government agencies, but this certainly validates the recent efforts by the Department of Defense to shore up their supply chain and enforce cybersecurity minimums under the Cybersecurity Maturity Model Certification (CMMC) initiative, which went into law just last week. There is a sense of urgency around cybersecurity that is largely missing, as we have become numb to these types of attacks, but if you look at the kind of information that was stolen in the OPM hack of 2014, the Equifax hack of 2017, and now FireEye, there should be a coalition of the willing around the globe working together to define acceptable behavior and rules of engagement for cyber. There is a real opportunity for leadership here politically, if the United States is willing to step up to the plate and do the work required."