FireEye Breach

Caleb Boma | December 9th, 2020

 

The FireEye breach is a regrettable event that will likely cause significant issues for US companies and governmental agencies. The threat actors behind the FireEye breach targeted FireEye’s internally developed red team tools. FireEye used these custom tools and exploits to conduct penetration testing on organizations to expose vulnerabilities within networks. Although FireEye claims that none of what was stolen was a zero-day vulnerability, based on SpearTip’s experience, a significant number of environments are vulnerable to these breaching tools. More than likely, you have systems on your network that are vulnerable to these breaching tools.

Details of the FireEye Breach

Ransomware threat groups will use these tools to steal data and encrypt systems within companies to extort them for large ransom payments within the next 3-4 months. These attacks will lead to large ransomware insurance claims, when covered, and cause significant disruptions to businesses.

Cyber issues continue to increase in severity. Just this morning, 9 Dec, we facilitated four new incident response engagements where the company’s data was likely stolen, and systems throughout the corporate networks were encrypted. Of those companies, all had purchased a backup solution and an antivirus solution; only one of those had working backups. Even with working backups, they had to engage our IT Remediation team and are looking at 1-2 weeks before being fully operational. In each case, the threat actor stole data and threatened to post it online for anyone to download. The ransom demands ranged from $600,000 to $1,400,000. The companies ranged in size from 30 – 450 employees. We wish we were just fear-mongering, but this is a continued threat we see increasing daily.

Despite this bad news, there is a lot a company can do about it. Below are just a few recommendations.

Have a dedicated cyber insurance policy with sufficient limits and the right coverage types – working with a cyber insurance broker is critical.

  • For example, without specific coverage, almost no “cyber” policies will cover a ransom payment, especially if this coverage is just added to a liability or E&O policy. You may have $10 Million in cyber coverage, but would it actually cover a $1.4 Million ransom payment?

You need to invest in your security.

  • The average company experiences about 2-4 weeks of disruption when working with a competent recovery firm, even when the ransom is paid. What would that cost your company?

You need to invest in expertise, not just technology.

  • If FireEye can be compromised, so can your environment.
  • FireEye’s internal technology failed to detect this; the breach was detected by human cybersecurity experts.
  • Part of your cybersecurity solution must include cyber professionals who monitor your environment 24/7 and can react immediately when the network is attacked.

If you have concerns about your security posture, feel free to reach out. Our 24/7 Security Operations Center (SOC) is complete with certified security engineers to monitor and protect your environment. Not only are they continuously preventing cyberattacks, but they can also deploy ShadowSpear® in your environment before or after an attack.
