FireEye said it was "an assault that looks like it was aimed at the information of government customers." The real breach, though, was of the Red Team tools, and that could make hackers stronger.
FireEye has fallen victim to state-backed hackers. After infiltrating the systems of the world's leading security firm, the still-unidentified attackers stole its Red Team tools, CEO Kevin Mandia reported on the company's blog. FireEye is said to be investigating the incident together with the FBI and Microsoft.
Mandia described the attack in these terms: "This assault differs somewhat from the cyber-attacks we have seen so far. To attack FireEye, the attackers used world-class capabilities and executed customized assaults. They are highly trained, notably in operational security, and are considered experts. With a disciplined assault and immense determination they targeted FireEye and, while operating covertly, neutralized our security tools and forensic monitoring one by one. We also saw a number of techniques we have never seen before."
What the attackers succeeded in taking was FireEye's Red Team assessment tools. These are the tools FireEye uses to evaluate its customers' security posture.
For this reason, FireEye is reportedly providing the customers who use those tools with a way to detect malicious or unauthorized attempts to use them. Mandia said that although no suspicious activity has been identified yet, countermeasures have already been prepared and published on GitHub (https://github.com/fireeye/red_team_tool_countermeasures).
FireEye has not named a specific nation. The New York Times, however, reported that Russia appeared to be behind the attack.
Mandia said, "The ultimate goal of the attackers seems to be FireEye's customers." It appears, however, that the attackers were not able to access customer data or the metadata that FireEye products collect in the course of ongoing engagements. They did succeed in accessing FireEye's internal systems. "We will notify the customer immediately if it is revealed that customer information has been leaked."
Mandia did not clearly disclose how the attackers got past FireEye's security controls. It has been established before, though, that a security firm cannot be considered immune to hackers: the Italian company Hacking Team was breached in the past, and even the NSA's hacking tools have been leaked onto the Internet.
"The challenge now is to quickly deploy the response tools FireEye released on GitHub to users of FireEye solutions," points out John Bambenek, chairman of the security company Bambenek Laboratories. In a phrase, a race against time begins now.
"It is quite likely that the attacks will continue in secrecy, which means they would be hard to spot even when one happens. Anyone who has anything to do with FireEye therefore needs to deploy the countermeasures distributed via GitHub this time. That is the best defense we can mount right now," Bambenek explains. "First of all, I recommend adding them to IDS/IPS devices, and then to endpoint detection software. You also need to strengthen your understanding of how these tools work, so that you can identify them straight away even if the attackers make adjustments."
"FireEye's Red Team tools have a great ability to evade security solutions, and attackers would have coveted this. If you simply take the tools from FireEye, you can bypass security solutions. Why would one need to examine and analyze the target? Attackers have benefited immensely from taking these tools."
"If FireEye's Red Team tools were leaked, it would be fatal to many organizations," said Rick Holland, vice president of the security company Digital Shadows. If the attackers go on to distribute these tools to other hackers, defenders will face many more problems in the future, and the barrier to entry into cybercrime would be lowered even further.