If one of the biggest names in cybersecurity can be breached, what chance does an average person stand against hackers?
That’s a likely question after high-profile cybersecurity firm FireEye earlier this week said hackers breached its network and stole the toolkit it uses to probe customers’ systems to find weaknesses.
The hack was conducted “by a nation with top-tier offensive capabilities,” FireEye CEO Kevin Mandia said Tuesday in a blog post. The company is investigating the incident, as are the Federal Bureau of Investigation and companies such as Microsoft.
Mandia said there is no sign that the hackers have used the stolen tools, nor is there evidence that customer information was stolen. FireEye has developed more than 300 countermeasures against the tools for use by customers and the cybersecurity community.
The hackers “primarily sought information related to certain government customers,” Mandia said in the statement, without naming them.
Milpitas, California-based FireEye, which is publicly traded, has more than 9,600 customers globally including more than 1,000 government and law enforcement agencies.
A major global cybersecurity player, the firm in the past responded to breaches at Sony and Equifax and helped Saudi Arabia thwart an oil industry cyberattack.
Russian spies likely culprit in breach
The cybersecurity company did not identify a culprit, but the Russian SVR intelligence service is thought to have committed the breach, The Washington Post reported. This is the same Russian spy agency that in 2015 hacked the Democratic National Committee and has been accused of attempting to steal COVID-19 vaccine research data, The Post reported.
“Preliminary indications show an actor with a high level of sophistication consistent with a nation-state,” Matt Gorham, assistant director of the FBI’s cyber division, told The Post.
The hack was the biggest blow to the U.S. cybersecurity community since a mysterious group known as the “Shadow Brokers” in 2016 released a trove of high-level hacking tools stolen from the National Security Agency.
How did this happen?
Hacks will happen, especially with increased activity by bad actors during the coronavirus pandemic.
FireEye’s Mandia said that this attack is different in that “the attackers tailored their world-class capabilities specifically to target and attack FireEye. … They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”
Among the tools the hackers got were techniques known as “domain fronting,” the common use of popular brands’ domains including, in this case,…