Cybersecurity Firm FireEye Is Breached in an Unprecedented Hacking Attack
Cybersecurity firm FireEye has been a frontline defender for government agencies, major companies, and various other victims that have been hacked. They’ve now become the victims.
It is believed that the firm was infiltrated by a nation-state--presumably Russian intelligence--rather than individual hackers.
This type of breach could have lasting implications for a wide range of people.
Kevin Mandia Sounds the Alarm
In a blog post, FireEye CEO Kevin Mandia said his company was attacked by a “highly sophisticated threat actor,” which led him to believe that it was a “state-sponsored attack.”
They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.
He even claimed it was an attack from a nation with “top-tier offensive capabilities.”
He said that the hackers ran off with “certain Red Team assessment tools.” FireEye uses these tools to mimic the behavior of hackers and to diagnose threats for clients. The attackers can now exploit these diagnoses.
FireEye Goes on the Defensive
Although Mandia has yet to witness the use of any of these tools, FireEye has been scrambling to recover.
The company has developed “more than 300 countermeasures” for their client-base, including some publically available on GitHub.
FireEye has contacted the FBI and companies such as Microsoft to help them counter this breach. According to The New York Times, the FBI has already turned the case over to Russian specialists.
The NYT concluded this evidence points to “Russia’s intelligence agencies” as the primary culprits.
The attackers, whoever they are, seemed to be especially interested in government agencies.
But as one of the nation’s leading cybersecurity firms, FireEye’s breach could affect far more than the government.
What Are ‘Zero-Day Vulnerabilities’ and Could They Affect You?
Mandia also acknowledged that the hackers escaped with “zero-day vulnerabilities.” These are vulnerabilities, likely found in various apps and platforms used by FireEye’s clients, that have no patches in place to fix the flaw.
According to cybersecurity giant Norton, hackers will use these flaws to engage in a “zero-day exploit.”
Check out FireEye’s own description of a zero-day attack:
In 2010, Iran fell victim to a zero-day exploit. During a visit from the International Atomic Energy Agency, centrifuges at the Natanz uranium enrichment plant began failing at an unprecedented rate. It was later discovered that the plant was attacked by self-replicating digital weapons, known as “Stuxnet,” that disrupted the power plant.
While it’s not clear exactly what zero-day vulnerabilities were stolen from FireEye, the $3.5 billion firm has had a wide range of clients. From Equifax to Sony to Stater Bros grocery stores to universities to various hospitals and banks across the world, the potential fallout could be massive.
Could sensitive details of these companies’ clients be leaked or stolen? It’s certainly possible, and at the very least, these customers’ health, financial, and personal details are vulnerable.
It’s not immediately clear if FireEye’s countermeasures have addressed all of the zero-day vulnerabilities exposed in the attack. Also unclear is exactly when this hack took place, and therefore, how long the attackers have had to exploit these vulnerabilities.
There are several ways you can check if you’ve been hacked and various preventative steps you can take to protect yourself.
We will update this article with information as it surfaces.
Featured image by Tada Images from Shutterstock.com.