Cybersecurity firm FireEye is the latest in a long line of organisations to suffer a breach in recent years, showing that no one is safe from threat actors. Here, we discuss the implications of the FireEye hack and recount some of the top breaches of the past five years.
In the past week, Cybersecurity firm FireEye shared details of a recent cyber attack against the company orchestrated by a highly sophisticated threat actor. Following the potential state-sponsored attack, FireEye confirmed that, “the attackers tailored their world-class capabilities specifically to target and attack FireEye.” The attackers had set their sights on FireEye’s “Red Team” assessment tools that the company uses to test customer security.
Writing on the company blog, FireEye’s CEO Kevin Mandia claimed that the attackers “primarily sought information related to certain government customers.”
The attack highlights an alarming increase both in cybersecurity threats and their severity as the world becomes more and more reliant on digital technologies following the global pandemic. It also demonstrates the urgent need for companies to reassess their cybersecurity strategies as more threat actors enter the game.
Highly Skilled, Well-Funded & Dangerous – The Modern Threat Actor
Further explaining the circumstances of the attack, Mandia disclosed more about the “Red Team” tools the attackers were looking to steal. The revelation showed the increasing dangers posed by state-backed threat actors. “These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to customers,” he said. “None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.”
He further explained the countermeasures FireEye had undertaken to address the breach. “We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them,” Mandia said. “Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools.”
These countermeasures included ones to detect or block use of the stolen “Red Team” tools, security updates to FireEye products, public and cross-company sharing of the countermeasures, and a dedication to constantly refine and share mitigations for the tools as they’re released.
Cyber Threats Continue to Make Headlines
While it’s perhaps out of the ordinary to see a cybersecurity firm as the victim of an attack, it does highlight the dangers posed by modern cyber criminals. And typifies a startling trend that in recent years has seen billions of records hacked globally.
For instance, in March 2018, UnderArmour announced that hackers had accessed the backend database of its fitness app, MyFitnessPal. A monumental 143.6 million records were hacked, with usernames, email addresses and hashed (encrypted) passwords the main takings.
Later that same year, hackers also hit Exactis. The marketing and data aggregation specialists had amassed hundreds of millions of records on Americans and businesses – and it was this that attracted the cyber criminals. What didn’t help was that Exactis’s database was on an unsecure server, one which security researcher Vinny Troia identified in June 2018. Exactis had stockpiled personal data like email addresses, home addresses, phone numbers and hobbies.
Elsewhere, and perhaps more famously, the global hotel group Marriott International suffered a data breach in 2019 after hackers stole the records of 339 million guests. As the breach occurred after the GDPR enforcement date – though the breach may have first occurred as far back as 2014 – the company risked a £100m fine by the UK’s Information Commissioner’s Office. It later received a comparatively light £18.4m GDPR fine in October 2020.
But these breaches are meagre in comparison to the 2017 River City Media and 2016 Yahoo! breaches. In these instances, an eye-watering 1.37 billion and up to 3 billion records were hacked, respectively.
With 117 publicly reported security incidents in October 2020 alone, the rate of breaches is increasing rapidly. Companies must make cybersecurity a fundamental aspect of their recovery following the global pandemic.
Cybersecurity Must Adapt – Are You Ready?
October 2020 was the leakiest month ever recorded by IT Governance, with 117 publicly reported security incidents. Positively, hackers only breached 18.4 million records – a paltry sum compared to the billions we talked about earlier. But the sheer number of breaches, and the fact that many companies didn’t report full (or any) numbers of compromised records, suggests the problem could go a lot further. And the problem is clearly growing.
Therefore, these catastrophic breaches paint a clear picture for cybersecurity leaders going into 2021: we must do more. No organisation is safe from the threat of cyber-attack, not even cybersecurity firms themselves. And as we continue to move into increasingly digital ways of working – a move clearly accelerated by 2020’s pandemic – cybersecurity must take on a new level of importance within business.
In 2021, we’ll be running a series of events focused on cybersecurity, both here at CEO.digital and with our friends at Chief Wine Officer. Check out the events calendars now and sign up to the security discussions to better prepare your company for the threats of tomorrow.