What the Breach at Leading Cybersecurity Firm FireEye means to Small Business
December 11, 2020
What's the issue?
A global threat intelligence and cybersecurity company, FireEye, had its offensive security tools stolen by hackers, the company announced. Offensive security tools are the computer programs that security companies use to test their client’s security. Similar to hackers, FireEye uses their own tools to attempt to disrupt or penetrate their client’s systems to identify weaknesses. FireEye’s tools are in some cases equal to or better than what many cyber criminals use.
FireEye, a $3.5 billion company, has revealed they were “under cyberattack by ‘highly sophisticated’ actors, likely sponsored by a nation-state.” Evidence currently points to Russia as the nation-state from which the attack originated. FireEye has a history of prominent wins against Russian cyber threat actors, and this attack is seen as possible retaliation. The company, that does work for both private and public sector organizations, says attackers stole certain Red Team assessment tools that they use to test their clients’ security.
Larry Keating, President of NPC, explains “while it remains to be seen if those tools gave the threat actors significant new capabilities, what they ultimately do with them will determine the impact this may have on businesses in the future. Released or sold to other criminals whose capability it does enhance could aid in the improved effectiveness of implanting ransomware, business email compromise, and other forms of attack.”
Comparatively, the NSA hacking tools stolen a few years ago increased the spreading capability for WannaCry and NotPetya ransomware, impacting many thousands of small and medium businesses causing billions in damage.
Keating went on to say, “nation-states steal this kind of intellectual property to improve their own skill sets and assess the capabilities of their enemies, but it is often repurposed through other criminal groups they permit for economic attack.”
What does this mean to me?
FireEye responded very quickly and transparently to the incident and have released countermeasures they had already been prepared to disable some of the effectiveness of the stolen tools.
But be aware that, in undetermined ways, the capability of the bad guys has yet again been increased. The outcome of this breach may be better, more automated attacks on businesses and professionals. This could come in the form of more capability to break into your computer and systems, or the companies you do business with.
FireEye has informed the FBI and is working with the Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security in the Unites States, to determine the scope of the attack and its possible impacts. We will be monitoring carefully any information made available, from this and other sources, and will update this alert if we think you can benefit from the new information.
What should I do?
Cyber threat is a problem that impacts all of us. We could all take the position that if they can penetrate a global leader in cybersecurity, what chance do the rest of us have? This would be like ignoring protective precautions for COVID because it has become such a big problem. Rather, each of us has a responsibility to do all we can to protect our computers and systems. Nothing short of a global effort can thwart a global threat.
Follow these four best practices of cybersecurity, no matter your size:
- Educate Yourself and Your Team - Learn about the threats and what you can do about them. Cyber threat is a fact of life in the digital age. From top to bottom in an organization, from board member to front line personnel, it is everyone’s responsibility to be educated and engage the battle.
- Invest in Up-To-Date Technologies - Our businesses run on technology. Without question newer technology, from computers to operating systems, are and can be made more secure. If you are unsure of how to do that, work with a security professional or managed services provider to have it done for you. Investing in security technologies, as well as computing capability itself, is critical to protecting your business. As a small business professional there are many tools and services available to make you resilient against cybercrimes.
- Patch, Patch, Patch - Once you invest in up-to-date technologies, keep them current. Most breaches and virus infections are the result of exploiting older hardware and unpatched software.
- Have a Plan - No matter your size, have an Incident Response Plan to respond to an attack to minimize the damage from an incident. As well, a plan for your technology needs, deployment and security is critical to a properly organized and managed approach to utilizing technology.