FireEye Breach a Major Concern
December 17, 2020
The cybersecurity firm responsible for safeguarding data at government organizations (including several US federal agencies) and Fortune 500 companies around the world recently announced it suffered a breach. CEO Kevin Mandia tried to downplay the implications and persuade us his company has everything under control, but Tech Central explains “Why Everyone Should Be Worried by the FireEye Hack.” FireEye revealed the attacker was probably a “sophisticated state-sponsored actor,” but Tech Central informs us:
“Reporters with the Washington Post were more specific: It was Russia. And not just any Russians, but a group known as ‘APT29’ or ‘Cozy Bear,’ hackers affiliated with the Kremlin’s intelligence services. Cozy Bear’s pedigree includes past hacks of the US state department and White House during the Obama administration and, perhaps most famously, of the Democratic National Committee’s servers during the 2016 presidential campaign. (Who did the state department and the White House recruit to clean up the earlier breaches? FireEye.) FireEye said the hackers pilfered its so-called ‘Red Team’ tools. That’s the stuff companies like FireEye use to test vulnerabilities of computer networks to make them more resilient. The tools are meant to mimic a complex assault, and now they’re in the hands of a hostile player. FireEye said the hackers focused primarily on information from its government clients, and it released 300 countermeasures for its customers and the public to use against hacks enabled by the stolen tools. The company also said it hadn’t seen any of its tools used yet for break-ins, and none involved ‘zero-day’ exploits. … ‘We do not believe that this theft will greatly advance the attacker’s overall capabilities,’ FireEye noted.”
Readers should take that assertion with a grain of salt; we are told the federal Cybersecurity & Infrastructure Security Agency is not so confident. Cybersecurity vendors seem to be better at marketing than protecting themselves and, by extension, their clients. This PR challenge is high, though, as the company’s stock market dive reveals. We’re reminded FireEye is not the first cybersecurity firm to be hacked. If the guardians themselves are not secure, is anyone?
Cynthia Murrell, December 17, 2020