FireEye, a $3.5 billion cyber security giant, has disclosed that it was recently targeted by a large, specialised and highly sophisticated cyber attack. The attack was tailored specifically to breach FireEye's own defences and used techniques that FireEye says it had not seen before in the daily swarm of cyber attacks. Given that FireEye is one of the world's biggest cyber security firms, that assessment is cause for concern.
What the hack took
Compounding the threat, FireEye CEO Kevin Mandia states that, after studying the forensics of the hack, the company has concluded that the activity was carried out by nation state-backed hackers who were highly advanced, purpose-driven and very specific in their targeting. “The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past,” Mandia adds.
The hack targeted FireEye's Red Team tools, which its consultants use in authorised engagements to mimic the behaviour of real attackers and test the defences of client networks. Because such tools are built to break into enterprise environments, and because FireEye has an extensive clientele, their theft is cause for significant concern. On this note, Mandia adds, “we are proactively releasing methods and means to detect the use of our stolen Red Team tools.
“We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools. We have seen no evidence to date that any attacker has used the stolen Red Team tools. We, as well as others in the security community, will continue to monitor for any such activity,” he sums up.
The real impact of such an attack
As on numerous occasions before, this hack again underlines the severity of orchestrated cyber attack campaigns. Such state-backed campaigns are typically not motivated by financial gain. In most cases they are slow burners, in which nation-backed attackers infiltrate sensitive infrastructure systems to exfiltrate secret information or, at worst, gain control of a critical system. In others, such as this one, the campaign aims to acquire advanced cyber warfare tooling. FireEye's Red Team tools, for instance, are used to probe the defences of large global corporations against persistent malware, remote attacks and innumerable other threats; in an attacker's hands, the same tooling could be turned against those corporations.
While Mandia maintains that no misuse of the stolen tools has been observed so far, the evolving nature of cyber warfare is an alarming undertone indeed. Given the constant barrage of zero-day exploits and unknown surveillance and infiltration tools developed by nation states and the criminal underworld alike, incidents such as the FireEye hack can become pivotal points from which the global security community learns and advances.