Whenever a company or government is hacked, they usually call a cybersecurity forensic company to investigate: who did it, how did they do it, why did they do it, what were they after, and how do we protect ourselves going forward? One of the preeminent players in this space is FireEye — they’re experts on state-backed hacking (especially Russia) as well as international-grade ransomware (they were one of the lead players in the NotPetya forensic investigation). And according to the New York Times, FireEye has just become a victim of a massive hack themselves.
Which raises the question — if experts like FireEye are vulnerable, what can we as business owners hope to do in the face of such incursions?
What does the FireEye incursion mean for you and your business today?
For now? Not all that much. The hack was primarily focused on acquiring FireEye’s ‘Red Team’ tools, which is basically the proprietary toolkit FireEye constructed to test clients’ systems for weaknesses. According to the Times, these ‘Red Team’ tools are essentially “digital tools that replicate the most sophisticated hacking tools in the world. FireEye uses the tools — with the permission of a client company or government agency — to look for vulnerabilities in their systems. Most of the tools are based in a digital vault that FireEye closely guards.”
So what would a hacker want with these ‘Red Team’ tools, anyway?
It turns out that if you’re a leading investigator into Russian hacking and disinformation, Russia is likely to strike back at you:
“FireEye revealed on Tuesday that its own systems were pierced by what it called ‘a nation with top-tier offensive capabilities.’ The company said hackers used ‘novel techniques’ to make off with its own tool kit, which could be useful in mounting new attacks around the world.
It was a stunning theft, akin to bank robbers who, having cleaned out local vaults, then turned around and stole the F.B.I.’s investigative tools. In fact, FireEye said on Tuesday, moments after the stock market closed, that it had called in the F.B.I.”
What the FireEye attack means going forward
Having access to some of FireEye’s best tools means that Russia (or hackers at large, if the tools are released publicly) now has another toolbox for incursion, theft or data destruction. If the tools get into the hands of petty hackers, they are yet another set of tools that can be used to penetrate your systems.
All of this underscores how indispensable enterprise-grade cybersecurity really is. You don’t even have to make an egregious error to fall victim to complete digital immolation: just being tangentially connected to the wrong third-party service company could open you up to disastrous risks. That’s why secure backups, stored separately and safeguarded religiously, are the lifeblood of the modern security strategy.
All this information doesn’t mean much to a small business if you can’t protect yourself from the sorts of attacks we’re likely to see come out of these tools. We take that stress and uncertainty off your plate so you can focus on running your business, while we focus on keeping that business digitally safe.