fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FireEye Reveals That It Was Hacked By A Nation State APT Group

FireEye Reveals That It Was Hacked By A Nation State APT Group

Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group.

The attackers were able to steal Red Team assessment tools FireEye uses to test customers’ security and designed to mimic tools used by many cyber threat actors.

FireEye is one of several security firms that have been compromised in similar attacks, with Trend Micro admitting to a breach in May 2019, Symantec in 2019, Avast in 2019 and 2017 [123], Kaspersky in 2015, and RSA Security back in 2011. Google was also hacked in 2009 by an APT group linked to China.

Attacker showed all the signs of a state-backed threat actor

“Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack,” Chief Executive Officer and Board Director Kevin Mandia said in a filing with the Securities and Exchange Commission (SEC).

“Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities.

“This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye.”

The threat actor who breached FireEye’s defenses specifically targeted FireEye’s assets and used tactics designed to counter both forensic examination and security tools that detect malicious activity.

The cybersecurity firm is still investigating the cyberattack with the collaboration of the Federal Bureau of Investigation and security partners like Microsoft.

So far, initial analysis of the attack supports FireEye’s conclusion that the company was the victim of a “highly sophisticated state-sponsored attacker utilizing novel techniques.”

Also Read: How to Send Mass Email Without Showing Addresses: 2 Great Workarounds

State-sponsored hackers stole FireEye Red Team tools

“During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security,” Mandia added.

“None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.”

The stolen tools “range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as CobaltStrike and Metasploit,” FireEye said in a blog post on its Threat Research blog.

However, many of them were already available to the broader security community or were distributed as part of FireEye’s CommandoVM open-source virtual machine.

The Red Team tools stolen in the attack haven’t yet been used in the wild based on information collected since the incident and FireEye has taken measures to protect against potential attacks that will use them in the future:

  • We have prepared countermeasures that can detect or block the use of our stolen Red Team tools.
  • We have implemented countermeasures into our security products.
  • We are sharing these countermeasures with our colleagues in the security community so that they can update their security tools.
  • We are making the countermeasures publicly available on our GitHub.
  • We will continue to share and refine any additional mitigations for the Red Team tools as they become available, both publicly and directly with our security partners.

This GitHub repository contains a list of Snort and Yara rules that can be used by organizations and security professionals to detect FireEye’s stolen Red Team tools when used in attacks.

Government customers’ information also targeted

During the attack, the threat actor also attempted to collect information on government customers and was able to gain access to some FireEye internal systems.

Also Read: How a Smart Contract Audit Works and Why it is Important

“While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems,” Mandia explained on FireEye’s corporate blog.

FireEye is a cybersecurity firm founded in 2004 with headquarters in Milpitas, California. It has over 8,500+ customers in 103 countries and more than 3,200+ employees worldwide.

Update December 09, 04:41 EST: The FBI Cyber Division’s Assistant Director has issued a statement regarding the ongoing investigation of the FireEye hack:

FBI Cyber Division statement
FBI Cyber Division statement (Eric Geller)

Washington Post also reports that, according to sources, the state-backed hacking group behind the FireEye security breach is the Russian cyberespionage group APT29 (aka Cozy Bear).

This group is linked to attacks on commercial and government entities from Germany, South Korea, Uzbekistan, and the USA, including the Pentagon, the Democratic National Committee, as well as the U.S. State Department and the White House in 2014.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us