Operative Ethan Hunt is blamed for a terrorist attack and is forced to go off the grid and team up with other fugitive operatives to prove their innocence. Unfortunately, cyber espionage and hacking are not only happening in movies.
FireEye, one of the world’s largest cybersecurity firms, became the latest victim of hacking. You heard that right, a cybersecurity firm was hacked! And it seems like the perpetrators went on a sophisticated hacking spree for some time. FireEye’s systems are used by hundreds of thousands of institutions globally, including most Fortune 500 companies and multiple U.S federal agencies which are now scrambling to patch up their networks.
How did this attack come about?
After examining 50,000 lines of code of Solar Winds Corp, one of FireEye’s software vendor, a vulnerability was discovered, which the hackers took advantage of to gain access into the system. The stolen data contains the internal, custom-crafted penetration testing tools used by the company to imitate different threat actors during customer security consultations. In other words, FireEye’s “test” hack tools were stolen, and the perpetrators effectively hacked the company’s hacking ability.
There is a saying in the industry that there are only two types of companies – those that have been breached and those who do not know they have been breached. FireEye has taken the right steps by updating the public regularly and working with law enforcement, intelligence community and security partners. The company has not explicitly indicated the party responsible but indicated “top-tier offensive capabilities” of the attackers.
This is a serious data breach that highlights the level of sophistication from some of these rogue players. The good news is that following the hacking of its tools, FireEye has released a set of more than 300 countermeasures and patches to mitigate the exposed vulnerabilities. This incident also demonstrates how even the most sophisticated cybersecurity companies are vulnerable to cyber-attacks.
you To continue fighting cybercrime it is key for the security industry to collaborate and step up their efforts to protect our cyberspace. The threats are growing and always evolving. As Ginny Rometty, Executive Chairman of IBM said: “Cybercrime is the greatest threat to every company in the world.” From an individual perspective, please be careful about emailing sensitive information, giving out personal information, and be on the lookout for hackers, because they are everywhere.