FireEye, serious cyber attack on the Red Team
What happens if a cyber attack defense tool is also hit by a cyber attack? The problem clearly multiplies, since those who believe they are under guardianship are actually prey to possible silent attacks and risk acting with excessive ease. This is what happened to FireEye and its users, who suddenly found themselves naked in front of external threats by virtue of a high-profile cyber attack that had access to some tools belonging to the group. The first consequence is on FireEye shares, which fell by 7% immediately after the announcement.
FireEye explains that some of these tools had already been released to the Open Source community, while others were still under the full control of the group (and represent the real precious element that got out of hand): none of these bring up zero-day flaws that could therefore open sudden security alarms, nor did they use top secret techniques that could particularly enrich the firepower of an adverse attack. Simply, these are best-practices at the highest levels, useful material to carry out stress tests on large organizations.
"This attack is different from the tens of thousands we have responded to over the years", explained FireEye CEO, Kevin Mandia: The process was highly sophisticated and identification required forensic analysis even with the collaboration of Microsoft and the FBI. The conclusion can only be one: it is an attack carried out by high professionals, sponsored by state structures, with targeted purposes and using new techniques able to escape the controls put in place by the group to defend its systems.
FireEye is now publishing all the actions taken as a countermeasure to what happened, activating continuous monitoring to understand who and how will try to use these tools in the near future.
Source: FireEye
FireEye: what happened
According to what FireEye explained in these hours, a "nation- wide ”managed to get hold of the tools in the hands of the“ Red Team ”with which the security profiles of companies of the enterprise horizon are tested. These tools have been refined over the years to carry out refined screening of the IT systems used by companies, so that they have the possibility to correct themselves where they highlight weaknesses to be concealed from possible external attacks. A varied and refined package of tools, in short, which has now passed into the hands of the "enemy".FireEye explains that some of these tools had already been released to the Open Source community, while others were still under the full control of the group (and represent the real precious element that got out of hand): none of these bring up zero-day flaws that could therefore open sudden security alarms, nor did they use top secret techniques that could particularly enrich the firepower of an adverse attack. Simply, these are best-practices at the highest levels, useful material to carry out stress tests on large organizations.
"This attack is different from the tens of thousands we have responded to over the years", explained FireEye CEO, Kevin Mandia: The process was highly sophisticated and identification required forensic analysis even with the collaboration of Microsoft and the FBI. The conclusion can only be one: it is an attack carried out by high professionals, sponsored by state structures, with targeted purposes and using new techniques able to escape the controls put in place by the group to defend its systems.
FireEye is now publishing all the actions taken as a countermeasure to what happened, activating continuous monitoring to understand who and how will try to use these tools in the near future.
Source: FireEye