
FireEye Hack Portends A Scary Era Of Cyber-Insecurity

If this company’s defenses can be breached, whose can’t be?

Unless you’re an information technology guru, or someone whose professional duties include protecting computer networks from cyberattacks, you may not have heard of FireEye Inc., a little Milpitas, California, company specializing in digital warfare.

But you should pay attention to what happened to FireEye recently, because it speaks volumes about persistent threats to private and public security — and the high-stakes robberies that plague even the most sophisticated operators.

FireEye’s chief executive officer, Kevin Mandia, disclosed Tuesday that his company’s servers had been hacked. Given that FireEye is a go-to enterprise for governments and corporations bloodied by their own hacks, which rely on FireEye to defend or rescue them by identifying and blocking breaches, Mandia’s disclosure is revealing.

“Based on my 25 years in cybersecurity and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years,” Mandia said.

“The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”

Wow. Who Are These Guys?

While the Federal Bureau of Investigation would attribute the FireEye hack only to an “actor” that seemed to be a “nation-state,” reporters with the Washington Post were more specific: It was Russia. And not just any Russians, but a group known as “APT29” or “Cozy Bear,” hackers affiliated with the Kremlin’s intelligence services.

Cozy Bear’s pedigree includes past hacks of the State Department and White House during the Barack Obama administration and, perhaps most famously, of the Democratic National Committee’s servers during the 2016 presidential campaign. (Who did the State Department and the White House recruit to clean up the earlier breaches? FireEye.)

FireEye said the hackers pilfered its so-called Red Team tools. That’s the stuff companies like FireEye use to test vulnerabilities of computer networks to make them more resilient. The tools are meant to mimic a complex assault, and now they’re in the hands of a hostile player.

FireEye said the hackers focused primarily on information from its government clients, and it released 300 countermeasures for its customers and the public to use against hacks enabled by the stolen tools. The company also said it hadn’t seen any of its tools used yet for break-ins, and none involved “zero-day” exploits — meaning the tools don’t exploit vulnerabilities for which no defensive patch is yet available.

“We do not believe that this theft will greatly advance the attacker’s overall capabilities,” FireEye noted.

Maybe. We won’t really know how attackers might use the goodies they ripped off from FireEye until they start trying. The Cybersecurity & Infrastructure Security Agency, a federal body that monitors digital security, said the thieves could use FireEye’s tools to “take control of targeted systems.”

EternalBlue, a hacking tool the U.S. National Security Agency developed to exploit vulnerabilities in Microsoft Corp.’s Windows operating system, got out into the wild after the NSA itself was infiltrated in 2017. Hackers successfully used EternalBlue to attack networks for at least a year after the tool was leaked.

In addition to the federal government, FireEye’s customers have included the city and county of San Francisco, the University of South Carolina, the Penn State Health Milton S. Hershey Medical Center, Sony Corp. and Equifax Inc. The company says it has more than 9,600 customers in 103 countries, including more than 50% of the Forbes Global 2000. It also provides digital protection to more than 1,000 government and law enforcement agencies worldwide.

And if FireEye itself can be hacked, who can’t be? Investors aren’t happy with the company. Its share price has plunged more than 13% since it disclosed the attack.

FireEye presumably had lots of complex malware source code on its servers, and either it was lax about leaving sensitive data connected to a network outsiders could access or its vaunted security protocols weren’t bulletproof.

It’s also possible that the hackers weren’t after FireEye’s Red Team tools or even client data. They may have simply wanted to learn how much confidential information FireEye had in its vaults about the world’s most sophisticated digital marauders — folks like Cozy Bear.

In a world populated with Cozy Bears, there are plenty of potential targets.

FireEye isn’t the first security firm to be breached. RSA Security, the company that makes SecurIDs, was hacked back in 2011, for example. Duplicates of RSA’s compromised tokens were used to hack Lockheed Martin Corp., a major defense contractor. This year alone, North Korea and Russia have repeatedly tried to hack the servers of pharmaceutical companies pursuing a Covid-19 vaccine. U.K. and U.S. cybersecurity agencies accused Cozy Bear in July of trying to hack a number of unidentified groups involved in developing a coronavirus vaccine.

Pfizer Inc. said Wednesday that coronavirus vaccine documentation it turned over to Europe’s top drug regulator was hacked in a cyberattack on the agency. The NSA recently warned other administrators of national security and defense systems that they were at risk because Russian hackers were exploiting vulnerabilities in products made by VMware Inc., a software company.

The lesson in all this may be that no person or entity can avoid being hacked if the forces of well-resourced and deft nation-states are on the prowl.

In the most optimistic scenario, all of us may be permanently mired in a never-ending cat-and-mouse game between digital security guards and hackers. The bleaker scenario is endless cyberwarfare among countries such as the U.S., Russia and China — conflicts that have the power to undermine democracy, upend personal privacy, compromise national security, leave societies awash in misinformation, and turn that mobile phone you’re holding into a time bomb.

Updated: 12-28-2020

FireEye Needs To Keep The Heat On

The SolarWinds hack has boosted shares of the former cybersecurity star, but the benefits aren’t so clear-cut.

Going from predator to prey back to predator again has been a profitable ride for FireEye investors. How it works out for the company itself remains to be seen.

High-profile network breaches have often been a boon for cybersecurity stocks, and the massive SolarWinds hack has been no exception. The NYSE FactSet Global Cyber Security Index has jumped 13% since the attack was reported on Dec. 13. The 12 largest pure-play vendors on that index are now up an average 20% in that time.

The attack used a flaw in the network-management software sold by SolarWinds, a Texas-based IT company that counts many federal agencies as customers. But ironically, it was brought to light by FireEye, which specializes in hack investigations and was itself a victim of the attack.

It has been a wild ride. FireEye’s shares sank 13% after it reported the breach of its own system on Dec. 8. That seemed like very bad news for a company that is often the first call for other companies who suffer an attack. Citigroup analyst Walter Pritchard warned at the time that FireEye faced a clear risk of “reputational damage,” even as the company described the attack as the work of “a highly sophisticated state-sponsored attacker utilizing novel techniques.”

But as more news has dribbled out about the scale of the attack and SolarWinds’ centrality to it, sentiment has shifted hard. FireEye’s shares have soared 66% from their initial selloff and are now up 49% this month—beating out even other red-hot cybersecurity names such as CrowdStrike and Zscaler that analysts believe will be the primary beneficiaries of increased corporate IT security spending.

Those two are up 44% and 32% for the month, respectively, and more than 300% for the year. SolarWinds, by contrast, has lost one-third of its market value since the attack became public.

Investors generally treat high-profile breaches as promotional events for cybersecurity companies. But the impact on actual business isn’t always clear-cut. FireEye played a major role in investigating the Sony hack in late 2014, but that didn’t stop the company’s revenue growth from decelerating sharply from the triple-digit rates it had been enjoying in previous quarters.

And security already was the top spending priority for companies this year, according to a December survey of chief information officers by Goldman Sachs. Fatima Boolani of UBS notes that checks with companies since the SolarWinds attack became public “indicate a ‘spending smart’ not ‘spending hard’ mentality.”

So cybersecurity stocks could be setting up for a big correction later as reality sets in. FireEye’s advantage here is that it is still one of the cheapest pure-play cybersecurity vendors, trading at just 5.3 times forward sales. And it isn’t alone in a sector long driven by a hot-or-not approach by investors.

CrowdStrike and Zscaler carry multiples ranging from 47 to 50 times forward sales. By contrast, Palo Alto Networks, Check Point Software and Fortinet—three of the largest cybersecurity pure plays by annual revenue—trade around eight to nine times forward sales.

But as Mr. Pritchard of Citi noted in a Dec. 21 report, the most relevant countermeasures to the SolarWinds hack don’t involve the cloud, where the most highly valued companies specialize. He expects the hack to remind investors “that some ‘legacy’ players are less irrelevant than what is priced into shares.” FireEye just needs to translate that relevance into new business.
