When US federal government agencies and more than half of the Forbes Global 2000 list want to bolster their cyber defences, they turn to a trusted and publicly traded cybersecurity company. But what happens when the guardians of high-profile networks become attractive targets, too?
FireEye, one of the largest cybersecurity companies in the US, recently revealed that a sophisticated hacker with world-class capabilities had stolen the Red Team tools it uses to test government clients’ defences. Traditionally, highly sensitive or valuable client data has been the motive for an attack. On this occasion, the target was FireEye’s own sources and methods for protecting its customers.
The stolen tools were FireEye’s secret weapon: they let the company mimic the methods used in real attacks, identify vulnerabilities in its customers’ systems, and so harden those systems against real adversaries. In a blog post, FireEye CEO Kevin Mandia revealed that they “were attacked by a highly sophisticated threat actor whose discipline, operational security, and techniques led us to believe it was a state-sponsored attack.”
A cybersecurity game of cat and mouse
Although the hackers reportedly searched for information related to FireEye’s government customers, it seems the attackers were not interested in stealing its clients’ data. The global community’s bigger concern is the prospect of state-sponsored adversaries publicly releasing the tools or even using them to attack businesses and government agencies.
News that one of the world’s premier cybersecurity firms had become a victim caused FireEye’s share price to sink by 8%.
In response, the company reacted quickly with more than 300 countermeasures to detect or block the use of its stolen tools. The team is also working with the FBI and respected partners such as Microsoft, who support its conclusion that the attack came from a highly sophisticated state-sponsored actor.
The firm also advised that none of the stolen red team tools contained zero-day exploits. Even so, the prospect of unpatched software vulnerabilities being weaponized by exploits of that kind is what keeps the CEO awake at night. Welcome to the age of cyber-insecurity.
A warning that we can minimize risk – but not eliminate it
FireEye is not the first defender to be compromised, and it won’t be the last. Kaspersky Lab and Avast, both breached in earlier years, are further proof that there is no such thing as an impenetrable defence. Many business leaders fail to grasp that cybersecurity can minimize risk but not eliminate it entirely.
According to the FireEye CEO, the unprecedented attack was different from the tens of thousands of incidents they have defended against. But it could have been much worse.
On this occasion, it seems that it was much more about sending a message of one-upmanship than causing chaos and disruption.
The adversaries fired a state-sponsored warning shot in a digital game of cat and mouse. It should serve as a warning to the security industry that it must collaborate more closely to defend against this new threat.
The physical impacts of the cyber world
We’re all guilty of residing in a digital world filled with a false sense of security. But a combination of prevention, detection, and rapid response will provide the resilience needed to protect your business. As cyber-espionage becomes the norm, governments need extra vigilance when giving the green light to smart city projects.
Analysts predict that 24.1 billion IoT devices will be connected by 2030. Everything from healthcare to the oil-and-gas industry will be embracing converged connectivity. Here in 2020, we have already seen the coronavirus vaccine infrastructure become a target for cyber attackers. But when the entire critical infrastructure goes online, it will be too late to put the toothpaste back in the tube.
The stakes are now much higher than a hacked Instagram account or a phishing email attachment opened by mistake. Without adequate caution and cyber protection in place, Silicon Valley’s mantra of ‘move fast and break things’ could lead to the loss of life.
In the last few years, we have witnessed cyber-attacks on a Polish airline and a steel mill, and prosecutors recently tried to prove that a ransomware attack on a German hospital was to blame for a patient’s death.
The FireEye hack is a timely reminder of the developments that look certain to carry on into our immediate future.
The stereotype of a hooded teenage hacker in their bedroom leaning menacingly over a keyboard is dangerously out of touch with reality. State-sponsored cyberattacks that target high profile businesses and even the critical infrastructure of a nation are redefining the concept of war in a digital age.
There is a worrying emerging trend where state-sponsored cyberattacks are being combined with media manipulation and the spreading of propaganda to target audiences on social channels. The new hybrid approach to warfare can destabilize and even cripple an entire nation from the other side of the world. Maybe it’s time to retire the lazy image of the lone hooded hacker once and for all.