Caleb Boma | December 9th, 2020

The FireEye hack is a regrettable event that will likely cause significant issues for US companies and governmental agencies. The threat actors behind the FireEye compromise targeted FireEye’s internally developed red team tools. FireEye used these custom tools and exploits to conduct penetration testing on organizations to expose vulnerabilities within their networks. Although FireEye claims that none of what was stolen was a zero-day vulnerability, based on SpearTip’s experience a significant number of environments are vulnerable to these hacking tools. More than likely, you have systems on your network that are vulnerable to them.

Ransomware threat groups will use these tools to steal data and encrypt systems within companies to extort them for large ransom payments within the next 3-4 months. These attacks will lead to large ransomware insurance claims, when covered, and cause significant disruptions to businesses.

Cyber issues continue to increase in severity. Just this morning, 9 Dec, we facilitated four new incident response engagements where the companies’ data was likely stolen and systems throughout the corporate networks were encrypted. All of those companies had purchased a backup solution and an antivirus solution; only one of them had working backups. Even with working backups, they had to engage our IT Remediation team and expect 1-2 weeks before being fully operational. In each case, the threat actor stole data and was threatening to post it online for anyone to download. The ransom demands ranged from $600,000 to $1,400,000. The companies ranged in size from 30 – 450 employees. We wish we were just fear-mongering, but this is a continued threat we see increasing daily.

Despite this bad news, there is a lot a company can do about it. Below are just a few recommendations.

Have a dedicated cyber insurance policy with sufficient limits and the right coverage types – working with a cyber insurance broker is critical.

You need to invest in your security.

You need to invest in expertise, not just technology.

If you have concerns about your security posture, feel free to reach out.

Our 24/7 Security Operations Center (SOC) is staffed with certified security engineers who monitor and protect your environment. Not only are they continuously preventing cyberattacks, but they can also deploy ShadowSpear® in your environment before or after an attack.