Date: 8th Dec 2020
Attack/Breach Status: Successful
Severity Impact/Potential: High
Headlines: FireEye, one of the largest cyber security firms, got hacked
On Tuesday, FireEye, one of the largest cyber security companies in the United States, confirmed that it had been hacked.
This incident was first disclosed by CEO Kevin Mandia through a blog post with the title “Unauthorized Access of FireEye Red Team Tools.”
The stolen Red Team tools are confirmed to be sophisticated in nature and include a set of scripts, scanners and tools that were built to test and improve the security of the IT infrastructure of FireEye clients.
FireEye, currently one of the niche cyber security firms, offers its solutions and services across the globe, including in the government and national security space of the United States and its allies.
According to FireEye, the attack is suspected to have been carried out by a nation-state government organization.
Although the modus operandi for these stolen tools is not known, the objective could be either to disclose these sophisticated tools publicly or to use them silently to exploit vulnerable systems across the globe.
To minimize the impact of these sophisticated tools being used by the wrong people with the wrong intentions, FireEye has taken almost 300 countermeasures for its customers and has also published the signatures publicly so that other solution providers can detect any exploit attempt made with these tools.
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
Leading security assessment and Red Team tools exploit a lack of best practice, misconfiguration and unpatched systems.
Organizations should have a robust security framework that can detect and prevent not just known threats but also unknown and zero-day threats. The following measures are necessary to ensure you are protected:
- Establish a strict patching strategy to test and deploy patch updates as soon as they are released.
- Ensure you have intrusion detection and prevention capabilities at the network as well as the host level. A next-gen firewall and endpoint security solution can be assessed on these capabilities. Some modern solutions make use of decoy and deception capabilities to counter the same.
- Deploy security solutions that detect threats not just based on signatures but also incorporate heuristic and behaviour-based detection. Next-gen AV and EDR come with similar capabilities.
- Add custom capabilities in the solution to detect and block tools, scripts and hashes that pose threats to your organization.