The ever-changing nature of cyberthreats from Nation-States has recently come into sharp focus with the hacking of FireEye. Part of an overall larger cyberwarfare campaign against the United States government, the hacking is a reminder of an essential truism of cybersecurity – no one is safe and anyone can get hacked.
FireEye, a California-based cybersecurity company, revealed in a blog post written by their CEO Kevin Mandla that they had been attacked by a highly sophisticated threat attacker. “We have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security,” wrote CEO Mandla in the blog post, “These tools mimic the behaviour of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers. None of the tools contains zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.”
A coordinated campaign
The rest of the post provided more details on the countermeasures the organization was taking to minimize the impact of this cyberattack. It later revealed that the Federal Bureau of Investigation (FBI) was looking into the event with suspicion pointing towards a larger coordinated campaign run by a nation-state, alleged to be Russia. The attackers launched supply chain attacks on US government agencies by exploiting vulnerabilities in software from Microsoft, SolarWinds and VMWare.
The hack on FireEye remains especially significant. An attack on a cybersecurity agency demonstrates the bitter truth that no organization can afford to be complacent.
The ever-evolving nature of threats
What happened to FireEye should remind all organizations everywhere that you can never be prepared enough. New threats are continuously evolving and organizations will need to update themselves regularly to stand a chance. The rules keep changing and organizations cannot afford to rest.
Threat response mechanisms must be calibrated
FireEye’s response was worth emulating and a good lesson to other enterprises on actions to take if they are at the receiving end of similar attacks. The CEO transparently and publicly communicated the entire flow of events, thus providing the clarity required. The company also worked with law agencies to find the culprits and provided a list of countermeasures they had taken so that their clients remained reassured.
This is an example of how companies must prioritize threat response along with prevention. After all, with the hybrid nature of threats, any enterprise may get breached but it is the response that is important. A well-calibrated response mechanism can help an enterprise swiftly recover from a breach.
The importance of the supply chain
The FireEye hack and the overall larger cyberattack against agencies of the US government is an example of the damage supply chain attacks can cause. It is a reminder to employees to be vigilant and vet their entire supply chain carefully when it comes to cybersecurity resilience. An enterprise may have implemented strong cybersecurity controls but threat actors, as they have demonstrated countless times, can still enter systems thanks to vulnerabilities in the supply chain.
Nation-state attacks will become more frequent
If enterprises didn’t take nation-state attacks seriously till now, the FireEye hack should serve as a major wake-up call. We are already seeing a new era of digital warfare where enemy states will not think twice before employing threat actors to destroy and infiltrate other states. Enterprises must have strategies in place to defend against cyberattacks by nation-states.
Seqrite’s comprehensive suite of enterprise security solutions proactively guards IT assets from hacking attempts and other various cyberthreats ensuring complete protection for your organization.