Hacked Cybersecurity Systems and Stolen Security Data Risks

A stunning cybersecurity attack on FireEye allowed hackers to impact consulting, government, technology and telecom entities worldwide. The hardware and software company that protects clients in Asia, Europe, the Middle East and North America experienced an attack that may include other victims as well. Services by the company include preventing large-scale cyberattacks, deterring malicious software, investigating causes and analyzing cybersecurity risks.

What was the FireEye attack or hack about?

The attack on FireEye targeted its specialized security assessment capability, the Red Team hacking tools that make the company a leader in cybersecurity. Fortune 500 companies, numerous agencies of the federal government and thousands of worldwide organizations use the security systems that the attackers targeted successfully. FireEye attributes the attack to hackers backed by a nation-state motivated more by obtaining secret information or controlling critical systems than by financial gain.

Was cybersecurity system data about other companies stolen?

FireEye has not found any indication that the attack obtained information from the company’s consulting arm, incident-response business or intelligence data. Instead, the attack focused on the tools that FireEye uses to replicate potential hacking activities and identify weaknesses in clients’ computer networks. The U.K.’s Daily Mail reported that no evidence exists that the attack succeeded in removing client data, although when this occurs “stolen security related data about the state of an organization’s systems may prove to be extremely valuable to hackers who plan to penetrate systems” according to Henry Bagdasarian, Founder of Identity Management Institute.

What are the consequences of the hack for FireEye?

FireEye anticipates minimal impact from the hack. Still, it must replace the stolen tools and sustain a financial loss on professional services which account for more than 20 percent of company revenue. A lack of client credibility may impinge on the company’s claim of superiority over competitors in cybersecurity, leading to long-term damage to its reputation. Some business activity may slow down until clients can resume using FireEye’s consultant services without fear of a potential risk of exposure to insecure systems.

What consequences do FireEye users experience?

The theft of FireEye’s Red Team tools deprives clients of the cybersecurity capability to detect and deter system vulnerabilities. With tactics that the company had not seen previously, the attack limits clients’ ability to protect system integrity. FireEye’s tools allow clients to simulate actual attacks by cybercriminals, and the theft deprives them of the ability to defend against malicious acts that can create long-term damage.

What protections do the various types of cybersecurity software provide?

Cyber technology provides five kinds of security to address increasingly complex demands.

1. Securing critical infrastructure

Interruption of the physical systems that support modern societies can occur through cyberattacks on the electricity grid, hospitals, shopping centers, traffic lights and water purification. Responsibility for protecting critical infrastructure rests with organizations that understand the vulnerabilities that malicious attackers may exercise. Users of systems can develop contingency plans that provide alternative solutions in case of an attack on essential systems.

2. Protecting applications

Hardware and software identify and deter threats to malicious attacks through network installations of anti-virus programs, firewalls and encryption programs. Essential components of cybersecurity, the applications prevent unauthorized access to valuable assets and protect them from attack.

3. Securing a network

Protection of internal networks and infrastructure from unauthorized intrusion can result from implementing advanced network security technology. Security teams may incorporate machine learning to detect an abnormal increase in traffic that can indicate the presence of threats. Internal policies that can help prevent unauthorized access include anti-spyware software, additional logins, anti-virus programs, encryption methods, firewalls and new passwords.

4. Monitoring cloud security

Software-based tools protect the data in cloud resources by creating more security than traditional approaches can offer. Storage on physical servers offers less effective security measures and allows a greater incidence of intrusion. Studies indicate that an on-premise environment allows more than twice as many attacks as a service provider environment provides.

5. Securing the Internet of Things (IoT)

Unprecedented growth in ownership of appliances, printers, sensors, security cameras, televisions and Wi-Fi routers that connect to each other and the internet broadens the base of concerns for invasion by malicious attacks. Many intelligent devices exist in a vulnerable state that includes no security capability while they comprise the central technology of the consumer market for IoT.

What was FireEye response following the incident?

FireEye has not seen any evidence that the attack resulted in the use of the stolen tools. To counteract any potential impact, the company implemented some countermeasures that block any unauthorized use of the Red Team tools. A decision to share the implemented countermeasures with the security community helps others update their detection tools, and a blog post provides access to the measures as well.

What risks exist for the theft of software data?

FireEye’s filing to the U.S. Securities and Exchange Commission stated that no evidence existed that attackers had stolen customer data. While the theft of security software creates a potential risk, FireEye’s tools provide a greater risk as a threat to governmental security systems.

How does the attack affect the risk for theft of the software program?

While the loss of security tools presents a threat, FireEye’s disclosure of the malicious intrusion alerts users to exercise countermeasures. The company works with different software makers to improve defenses against its proprietary security tools, enhancing the likelihood of others avoiding compromises in security.

What can users of security software products learn from the FireEye attack?

Experts caution that a security breach can happen anywhere at any time, and the response to it may matter more than the incident. FireEye advised clients of Common Vulnerabilities and Exposures that may curtail the usefulness of the stolen security tools. A further step includes rules that clients can use in responding to any apparent use of the stolen tools.

What can we learn from the breach?

The compromise to software that affected the Pentagon and the U.S. military, the Justice Department, NASA, the National Security Agency, the State Department and leading telecommunications and accounting firms occurred from an infected security update. Users received instructions from the Homeland Security Department to review all networks for evidence of compromise and to disconnect products from the compromised products. The attack increased the need for users to monitor potential exposure to malicious intrusion and implement measures to prevent exploitation.